Download
| Alert*
DSA-3678-1 python-django -- python-django
Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery protections built into Django.
|