From 5b5990f5fa4da54091b097a547ce6d650fdc56d2 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 20:04:05 +0000
Subject: [PATCH] Publish GHSA-89hj-xfx5-7q66
---
.../GHSA-89hj-xfx5-7q66.json | 27 +++++++++++++------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/advisories/github-reviewed/2022/05/GHSA-89hj-xfx5-7q66/GHSA-89hj-xfx5-7q66.json b/advisories/github-reviewed/2022/05/GHSA-89hj-xfx5-7q66/GHSA-89hj-xfx5-7q66.json
index f67a550545b..5fa5c26085f 100644
--- a/advisories/github-reviewed/2022/05/GHSA-89hj-xfx5-7q66/GHSA-89hj-xfx5-7q66.json
+++ b/advisories/github-reviewed/2022/05/GHSA-89hj-xfx5-7q66/GHSA-89hj-xfx5-7q66.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-89hj-xfx5-7q66",
- "modified": "2024-05-16T18:23:40Z",
+ "modified": "2024-09-18T20:01:44Z",
"published": "2022-05-17T03:07:04Z",
"aliases": [
"CVE-2014-0473"
@@ -9,13 +9,20 @@
"summary": "Django Reuses Cached CSRF Token",
"details": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.",
"severity": [
-
+ {
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
+ {
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
},
"ranges": [
{
@@ -34,14 +41,14 @@
{
"package": {
"ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "1.5.0"
+ "introduced": "1.5"
},
{
"fixed": "1.5.6"
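Review bot: Both new vectors model this as a confidentiality-only impact (`C:H/I:N` in the 3.1 string, `VC:H/VI:N` in the 4.0 string) with no user interaction, whereas the `details` line just above describes the consequence as bypassing CSRF protection, which is an integrity impact on the victim's session and usually requires the victim to load attacker-controlled content (`UI:R` in 3.1, `UI:P`/`UI:A` in 4.0). If these strings mirror NVD's assessment that is defensible, but it should be stated in the commit, because consumers that triage on CVSS will file this as a data-disclosure bug rather than a request-forgery bug. A vector that follows the described impact, e.g. `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`, scores 6.5 instead of 7.5, which would also move the derived `database_specific.severity` back to MODERATE, so the choice should be deliberate rather than inherited. For the same reason `CWE-352` alongside the existing `CWE-200` would match the summary more closely. The `affected` entry that opens at the end of this hunk continues outside it.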
@@ -53,14 +60,14 @@
{
"package": {
"ecosystem": "PyPI",
- "name": "django"
+ "name": "Django"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "1.6.0"
+ "introduced": "1.6"
},
{
"fixed": "1.6.3"
@@ -91,6 +98,10 @@
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
+ {
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-2.yaml"
+ },
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2014/apr/21/security"
@@ -120,7 +131,7 @@
"cwe_ids": [
"CWE-200"
],
- "severity": "MODERATE",
+ "severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2023-08-16T22:56:38Z",
"nvd_published_at": "2014-04-23T15:55:00Z"
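Review bot: The `introduced` bound `1.6` (like `1.5` in the sibling range) excludes pre-releases of that series under PEP 440 ordering, since `1.6a1` and `1.6b1` sort before `1.6`, so matchers will report those builds as unaffected even though the `details` text implies the flaw predates the final release; the same applies to the `1.7.x before 1.7 beta 2` clause, for which no range is visible in this diff. If the 1.7 pre-releases are meant to be covered and no such range exists elsewhere in the file, an event pair along the lines of `{"introduced": "1.7a1"}, {"fixed": "1.7b2"}` would be needed. The rewrite from `1.6.0` to `1.6` is itself neutral for PEP 440-aware consumers, which compare the two as equal, but a plain string comparer would see a different bound, so it is worth confirming which matching semantics downstream tooling uses. The enclosing `affected` array continues outside this hunk.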
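Review bot: The new reference to PYSEC-2014-2 is typed `WEB`, but the OSV schema has an `ADVISORY` reference type that fits a PyPA advisory record better and lets consumers tell advisories apart from generic links; `"type": "ADVISORY"` would be the more accurate value. If PYSEC-2014-2 tracks this same CVE, its ID arguably also belongs in the top-level `aliases` array so OSV-based tooling dedupes the two records instead of reporting them as separate findings. The URL points at the mutable `tree/main` path, so what it resolves to can change after this commit; a commit-pinned URL would be stable, though the mutable form may simply be the database's convention. The `references` array continues outside this hunk.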