Description
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
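The weakness described above is a trust problem: if the server derives the "expected" origin for its Referer check from the incoming Host header, then any hostname the web server will answer for (including one an attacker points at the server with a DNS CNAME record) becomes a valid origin. The following added example, which is not Django code and not from this page, contrasts that pattern with a check that first validates the Host header against a configured allowlist (in the spirit of the explicit host allowlist later Django versions added). The hostnames, the TRUSTED_HOSTS set and the sample requests are all constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed for this example: the hostnames the site is actually served
# under. Assumption: a deployment-configured allowlist, not a Django setting.
TRUSTED_HOSTS = {"app.example.com"}


def _origin(referer):
    """Return (scheme, host) of a Referer URL, or None if absent/unparseable."""
    if not referer:
        return None
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return None
    return parts.scheme.lower(), parts.netloc.lower()


def referer_ok_trusting_host_header(referer, host_header):
    """Weak pattern: the expected origin is built from the request's own Host
    header, so the check accepts any hostname the web server answers for."""
    origin = _origin(referer)
    if origin is None:
        return False
    return origin == ("https", host_header.lower())


def referer_ok_with_allowlist(referer, host_header):
    """Hardened pattern: the Host header must itself be an allowlisted
    hostname, and the Referer must come from that exact trusted origin."""
    host = host_header.lower()
    if host not in TRUSTED_HOSTS:
        return False
    origin = _origin(referer)
    if origin is None:
        return False
    return origin == ("https", host)


# Constructed sample requests: a legitimate cross-check and a request that
# arrives via an attacker-controlled hostname resolving to the same server.
SAMPLE_REQUESTS = {
    "legitimate": {
        "host": "app.example.com",
        "referer": "https://app.example.com/account/settings",
    },
    "foreign_host": {
        "host": "alias.attacker-controlled.example",
        "referer": "https://alias.attacker-controlled.example/page",
    },
    "missing_referer": {
        "host": "app.example.com",
        "referer": None,
    },
}


def evaluate(requests=SAMPLE_REQUESTS):
    """Run both checks over the samples; returns {name: (weak, hardened)}."""
    results = {}
    for name, req in requests.items():
        weak = referer_ok_trusting_host_header(req["referer"], req["host"])
        hardened = referer_ok_with_allowlist(req["referer"], req["host"])
        results[name] = (weak, hardened)
    return results


if __name__ == "__main__":
    for name, (weak, hardened) in evaluate().items():
        print(f"{name:16s} host-header check={weak!s:5s} allowlist check={hardened}")
```

The "foreign_host" sample is the case this advisory is about: the Referer and Host headers are mutually consistent, so a check that trusts the Host header passes, while the allowlisted check rejects the request because the server should never have been serving that hostname in the first place. The same principle applies to any absolute URL the application builds from the Host header (password-reset links, redirects), not only the CSRF Referer check.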
Remediation
References