Description
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Remediation
References