CVE-2011-0696

Name of the Vulnerable Software and Affected Versions Django versions 1.1.x through 1.1.3 Django versions 1.2.x through 1.2.4

Description The issue makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests. This is related to the improper validation of HTTP requests that contain an X-Requested-With header, which can be leveraged by a combination of browser plugins and redirects.

Recommendations For Django versions 1.1.x through 1.1.3, update to version 1.1.4 or later. For Django versions 1.2.x through 1.2.4, update to version 1.2.5 or later.