CVE-2014-0473
Description
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.298
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django 1.4.11 | Windows |
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django 1.5.6 | Windows |
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django 1.6.3 | Windows |
| High-level Python web development framework (USN-2169-1) python-django_1.6.1-2ubuntu0.11_all.deb | Linux |
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django for linux 1.4.11 | Linux |
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django for linux 1.5.6 | Linux |
| Vulnerabilities CVE-2014-0472,CVE-2014-0473,CVE-2014-0474 are fixed in Python-django for linux 1.6.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234