CVE-2014-0473

Name of the Vulnerable Software and Affected Versions Django versions prior to 1.4.11 Django versions 1.5.x prior to 1.5.6 Django versions 1.6.x prior to 1.6.3 Django versions 1.7.x prior to 1.7 beta 2

Description The caching framework in Django reuses a cached CSRF token for all anonymous users. This allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

Recommendations For Django versions prior to 1.4.11, update to version 1.4.11 or later. For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later. For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later. For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.