High severity · NVD Advisory · Published Feb 14, 2011 · Updated Jun 16, 2026
CVE-2011-0696
Description
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.1, < 1.1.4 | 1.1.4 |
| Django (PyPI) | >= 1.2, < 1.2.5 | 1.2.5 |
Affected products
- cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
References
- openwall.com/lists/oss-security/2011/02/09/6 (nvd: Patch, WEB)
- www.djangoproject.com/weblog/2011/feb/08/security/ (nvd: Patch, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Patch, WEB)
- github.com/advisories/GHSA-5j2h-h5hg-3wf8 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-0696 (ghsa: ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html (nvd: WEB)
- lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html (nvd: WEB)
- secunia.com/advisories/43230 (nvd: WEB)
- secunia.com/advisories/43297 (nvd: WEB)
- secunia.com/advisories/43382 (nvd: WEB)
- secunia.com/advisories/43426 (nvd: WEB)
- www.debian.org/security/2011/dsa-2163 (nvd: WEB)
- www.djangoproject.com/weblog/2011/feb/08/security (ghsa: WEB)
- www.mandriva.com/security/advisories (nvd: WEB)
- www.securityfocus.com/bid/46296 (nvd: WEB)
- www.ubuntu.com/usn/USN-1066-1 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0372 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0388 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0429 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0439 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0441 (nvd: WEB)
- github.com/django/django/commit/408c5c873ce1437c7eee9544ff279ecbad7e150a (ghsa: WEB)
- github.com/django/django/commit/818e70344e7193f6ebc73c82ed574e6ce3c91afc (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-10.yaml (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-30.yaml (ghsa: WEB)