Django 7PK - Security Features Vulnerability (CVE-2016-7401) - Vulnerabilities

Description

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

Remediation

References

CVE-2016-7401

Related Vulnerabilities

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3260)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-44945)

Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

WordPress Plugin PayPlus Payment Gateway SQL Injection (6.6.8)

Severity

High

Classification

CVE-2016-7401 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Django 7PK - Security Features Vulnerability (CVE-2016-7401)