This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients Arfrever, Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date 2014-11-04.18:34:36
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o.
Date User Action Args
2014-11-04 18:34:36pitrousetrecipients: + pitrou, georg.brandl, Arfrever, r.david.murray, berker.peksag, Tim.Graham
2014-11-04 18:34:36pitrousetmessageid: <>
2014-11-04 18:34:36pitroulinkissue22796 messages
2014-11-04 18:34:36pitroucreate