GHSA-3f2c-jm6v-cr35

Source

https://github.com/advisories/GHSA-3f2c-jm6v-cr35

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3f2c-jm6v-cr35/GHSA-3f2c-jm6v-cr35.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3f2c-jm6v-cr35

Aliases

Published

2022-05-17T00:27:18Z

Modified

2024-09-18T16:25:28.095210Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Django DNS Rebinding Vulnerability

Details

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.8a1

Fixed

1.8.16

Affected versions

1.*

1.8a1

1.8b1

1.8b2

1.8c1

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.8.10

1.8.11

1.8.12

1.8.13

1.8.14

1.8.15

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.9a1

Fixed

1.9.11

Affected versions

1.*

1.9a1

1.9b1

1.9rc1

1.9rc2

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

1.9.10

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.10a1

Fixed

1.10.3

Affected versions

1.*

1.10a1

1.10b1

1.10rc1

1.10

1.10.1

1.10.2