Message230650
The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o. |
|
Date |
User |
Action |
Args |
2014-11-04 18:34:36 | pitrou | set | recipients:
+ pitrou, georg.brandl, Arfrever, r.david.murray, berker.peksag, Tim.Graham |
2014-11-04 18:34:36 | pitrou | set | messageid: <1415126076.32.0.571958779106.issue22796@psf.upfronthosting.co.za> |
2014-11-04 18:34:36 | pitrou | link | issue22796 messages |
2014-11-04 18:34:36 | pitrou | create | |
|