High severity · NVD Advisory · Published Sep 4, 2008 · Updated Jun 16, 2026
CVE-2008-3909
Description
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 0.91.0, < 0.91.3 | 0.91.3 |
| Django (PyPI) | >= 0.95.0, < 0.95.4 | 0.95.4 |
| Django (PyPI) | >= 0.96.0, < 0.96.3 | 0.96.3 |
References (17)
- www.djangoproject.com/weblog/2008/sep/02/security/ (nvd: Patch)
- www.debian.org/security/2008/dsa-1640 (nvd: Third Party Advisory, WEB)
- www.openwall.com/lists/oss-security/2008/09/03/4 (nvd: Mailing List, Third Party Advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- github.com/advisories/GHSA-r5cj-wv24-92p5 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2008-3909 (ghsa: ADVISORY)
- osvdb.org/47906 (nvd: Broken Link)
- secunia.com/advisories/31837 (nvd: Not Applicable)
- secunia.com/advisories/31961 (nvd: Not Applicable)
- www.djangoproject.com/weblog/2008/sep/02/security (ghsa: WEB)
- www.vupen.com/english/advisories/2008/2533 (nvd: Not Applicable)
- github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752 (ghsa: WEB)
- github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e (ghsa: WEB)
- github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81 (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-2.yaml (ghsa: WEB)
- www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html (nvd: Broken Link, WEB)
- www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html (nvd: Broken Link, WEB)