Moderate severity vulnerability that affects django
Moderate severity
GitHub Reviewed
Published
Jul 23, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Package
Affected versions
>= 1.1.0, < 1.1.4
>= 1.2.0, < 1.2.5
Patched versions
1.1.4
1.2.5
Description
Published to the GitHub Advisory Database
Jul 23, 2018
Reviewed
Jun 16, 2020
Last updated
Jan 9, 2023
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
References