[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: python-django and CVE-2016-9014

On Fri, Nov 04, 2016 at 10:32:43AM +0000, Chris Lamb wrote:
> Guido Günther wrote:
> > Isn't this also affected by a rebinding attack since we allow any host
> > in debug mode?
> If it helps, speaking as a regular Django developer, if you've got
> ``settings.DEBUG`` enabled in production you have much bigger problems
> than a rebinding attack…

I know but I'd like the information in the tracker to be correct.

 -- Guido

Reply to: