Description
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Remediation
References
Related Vulnerabilities
WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-3449)
PostgreSQL Other Vulnerability (CVE-2002-1402)
phpMyAdmin Cleartext Storage of Sensitive Information Vulnerability (CVE-2008-1567)
Apache Traffic Server CVE-2024-56196 Vulnerability (CVE-2024-56196)