[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: python-django and CVE-2016-9014

Guido Günther wrote:

> Isn't this also affected by a rebinding attack since we allow any host
> in debug mode?

If it helps, speaking as a regular Django developer, if you've got
``settings.DEBUG`` enabled in production you have much bigger problems
than a rebinding attack…


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk

Reply to: