Description
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.