Description
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Remediation
References
Related Vulnerabilities
WordPress 4.9.x Denial of Service Vulnerability (4.9 - 4.9.4)
SharePoint CVE-2022-41062 Vulnerability (CVE-2022-41062)
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Cross-Site Scripting (5.6.0.2)
WordPress Plugin ClinicalWP Core Cross-Site Scripting (1.0.5)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (3.4.17)