FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- CSRF protection bypass on a site with Google Analytics

Affected packages
py-django19 < 1.9.10
py-django18 < 1.8.15
py-django < 1.8.15


VuXML ID bb022643-84fb-11e6-a4a1-60a44ce6887b
Discovery 2016-09-26
Entry 2016-09-27

Django Software Foundation reports:

An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.


CVE Name CVE-2016-7401