VDB
GCVE-110-MAGEIA-2016-368
GCVE-110-MAGEIA-2016-368
Advisory Published
User with hardcoded password created when running tests on Oracle
When running tests with an Oracle database, Django creates a temporary
database user. In older versions, if a password isn't manually specified
in the database settings TEST dictionary, a hardcoded password is used.
This could allow an attacker with network access to the database server
to connect. (CVE-2016-9013)
DNS rebinding vulnerability when DEBUG=True
Older versions of Django don't validate the Host header against
settings.ALLOWED_HOSTS when settings.DEBUG=True. This makes them
vulnerable to a DNS rebinding attack. (CVE-2016-9014)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-django | 1.8.16-1.mga5 (unaffected), 0 (affected) | — |
Aliases
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.