Description

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

Remediation

References

CVE-2016-7401

Related Vulnerabilities

WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

SharePoint CVE-2022-41122 Vulnerability (CVE-2022-41122)

WebLogic CVE-2020-14588 Vulnerability (CVE-2020-14588)

Severity

High

Classification

CVE-2016-7401 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities