| Description: | Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorised modification of data through cross site request forgery. This is possible regardless of the Django plugin to prevent cross site request forgery being enabled. |