—

PYSEC-2017-11

Details

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / django-cms

Introduced in: 0 Fixed in: f77cbc607d6e2a62e63287d37ad320109a2cc78a

Fix pip install --upgrade 'django-cms>=f77cbc607d6e2a62e63287d37ad320109a2cc78a'

References

https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/ [ARTICLE]
https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a [FIX]
http://www.openwall.com/lists/oss-security/2015/06/28/1 [WEB]
https://github.com/advisories/GHSA-2pqc-gv8q-pvqv [ADVISORY]