HIGH 8.8 PyPI
django-cms CSRF Vulnerability
GHSA-2pqc-gv8q-pvqv · CVE-2015-5081 · PYSEC-2017-11
Published · Modified
Description
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5081
- WEB https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
- WEB https://github.com/django-cms/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/django-cms/PYSEC-2017-11.yaml
- WEB https://www.django-cms.org/en/blog/2015/06/27/311-3014-release
- WEB http://www.openwall.com/lists/oss-security/2015/06/28/1
Ready to move
Start Securing
Free, no credit card | First findings in minutes