CVE-2008-3909 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=0.91.0 <0.91.3 || >=0.95.0 <0.95.4 || >=0.96.0 <0.96.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00358 (percentile: 0.57262)
Details
Django cross-site request forgery (CSRF) vulnerability
The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Metadata
Created: 2022-05-02T00:05:00Z
Modified: 2024-09-16T22:32:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r5cj-wv24-92p5/GHSA-r5cj-wv24-92p5.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-r5cj-wv24-92p5
Finding: F007
Auto approve: 1