The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ubuntu_linux | Canonical | 12.04 | 12.04 |
Ubuntu_linux | Canonical | 16.04 | 16.04 |
Ubuntu_linux | Canonical | 14.04 | 14.04 |