Debian Security Advisory 1640-1 - Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross-site request forgery. This is possible regardless of whether the Django plugin to prevent cross-site request forgery is enabled.
30351b8797d4bde99b857e633d429bdb41ac9026496fee8fe750b38e9e027d43