Search for packages
| purl | pkg:pypi/django@0.95.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-rkt5-kwum-43c8
Aliases: CVE-2008-3909 GHSA-r5cj-wv24-92p5 PYSEC-2008-2 |
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 45 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:00:35.592016+00:00 | GHSA Importer | Affected by | VCID-rkt5-kwum-43c8 | https://github.com/advisories/GHSA-r5cj-wv24-92p5 | 38.0.0 |
| 2026-04-01T12:50:00.867879+00:00 | GitLab Importer | Affected by | VCID-rkt5-kwum-43c8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2008-3909.yml | 38.0.0 |