oss-sec mailing list archives

CVE Request: Django CMS


From: Matthew Wilkes <matthew () matthewwilkes co uk>
Date: Sun, 28 Jun 2015 00:23:10 +0100

Hi,

Can a CVE be assigned to this issue, please?

    http://www.django-cms.org/en/blog/2015/06/27/311-3014-release/

It's a CSRF issue around publishing of draft changes in Django CMS. Versions affected are Django CMS <3.0.14 and <3.1.1. I haven't verified its presence in Django CMS <3.0, I'm afraid.

The relevant commit is:

    https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a

The vendor credits with the discovery:
 * Sylvain Fankhauser of L//P
 * Matthew Wilkes of The Code Distillery

Thanks, let me know if you'd like more information.

Matt

