Django Software Foundation · Django · CVE-2016-9014
**Name of the Vulnerable Software and Affected Versions**
Django versions prior to 1.8.16
Django versions prior to 1.9.11
Django versions prior to 1.10.3
**Description**
The issue allows remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED HOSTS when settings.DEBUG is True.
**Recommendations**
For Django versions prior to 1.8.16, update to version 1.8.16 or later.
For Django versions prior to 1.9.11, update to version 1.9.11 or later.
For Django versions prior to 1.10.3, update to version 1.10.3 or later.