VDB

GCVE-110-MAGEIA-2016-368

GCVE-110-MAGEIA-2016-368
Advisory Published
Vulnetix · Advisory published November 6, 2016
User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allow an attacker with network access to the database server to connect. (CVE-2016-9013) DNS rebinding vulnerability when DEBUG=True Older versions of Django don't validate the Host header against settings.ALLOWED_HOSTS when settings.DEBUG=True. This makes them vulnerable to a DNS rebinding attack. (CVE-2016-9014)

Affected Products

VendorProductVersionsPlatforms
Mageiapython-django1.8.16-1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›