VDB
ALPINE-CVE-2016-9014
ALPINE-CVE-2016-9014
PUBLISHED
CVSS 8.100000381469727 HIGH
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Risk Scores
CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.2 | py-django | 1.8.14-r0, 1.8-r0, 0 |
| Alpine:v3.5 | py-django | 1.5.7-r0, 1.5.6-r0, 1.5.5-r0 |
| Alpine:v3.8 | py-django | 1.5.6-r0, 1.5.8-r0, 1.6.5-r0 |
| Alpine:v3.10 | py-django | 1.8.10-r0, 1.8-r0, 1.5.7-r0 |
| Alpine:v3.12 | py3-django | 1.8.8-r0, 1.4.1-r0, 1.5.1-r0 |
| Alpine:v3.3 | py-django | 1.7-r0, 0, 1.2.5-r0 |
| Alpine:v3.7 | py-django | 1.8.15-r0, 1.8.14-r0, 1.8.12-r0 |
| Alpine:v3.4 | py-django | 1.8.10-r0, 0, 1.2.5-r0 |
| Alpine:v3.11 | py3-django | 1.8.8-r0, 0, 1.2.5-r1 |
| Alpine:v3.9 | py-django | 1.8.8-r0, 0, 1.4.1-r0 |
| Alpine:v3.6 | py-django | 1.8.15-r0, 1.8.8-r0, 1.8.7-r0 |
Timeline
- Dec 9, 2016 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch