Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Django CSRF机制跨站请求伪造漏洞
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 1.2.7版本和1.3.x至1.3.1版本中的CSRF保护机制中存在跨站请求伪造漏洞。由于不能正确处理支持任意HTTP主机头的web服务器配置,远程攻击者借助包含DNS CNAME记录的向量和包含JavaScript代码的web页面触发未认证的伪造请求。
CVSS Information
N/A
Vulnerability Type
N/A