Cross-site Request Forgery (CSRF) Affecting django package, versions [,1.1.4) [1.2,1.2.5)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.38% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-DJANGO-40058
published 8 Feb 2011
disclosed 8 Feb 2011
credit Michael Koziarski

Report a new vulnerability Found a mistake?

Introduced: 8 Feb 2011

CVE-2011-0696 Open this link in a new tab CWE-352 Open this link in a new tab

Overview

django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) attacks. It didn't properly validate HTTP requests containing an X-Requested-With header, which makes it easier for remote attackers to bypass CSRF protection with forged AJAX requests that leverage a "combination of browser plugins and redirects".

Cross-site Request Forgery (CSRF) Affecting django package, versions [,1.1.4) [1.2,1.2.5)

Snyk CVSS

Threat Intelligence

Introduced: 8 Feb 2011

Overview

References