dbt-core · CVE-2024-36105
**Name of the Vulnerable Software and Affected Versions**
dbt-core versions prior to 1.6.15
dbt-core versions prior to 1.7.15
dbt-core versions prior to 1.8.1
**Description**
The issue arises from `dbt docs serve` binding to `INADDR_ANY` (`0.0.0.0`) or `IN6ADDR_ANY` (`::`), which exposes the documentation server on every network interface of the host rather than only on loopback, increasing the risk of unauthorized access. The Python documentation notes that a special form for address is accepted in place of a host address: the empty string `''` represents `INADDR_ANY`, equivalent to `"0.0.0.0"`; on systems with IPv6 support, `''` represents `IN6ADDR_ANY`, equivalent to `"::"`. A user running `dbt docs serve` on an unsecured public network may therefore unknowingly host an unauthenticated, plain-HTTP copy of the project's generated documentation (which includes compiled SQL and warehouse schema metadata) that any remote user or system on the same network can reach.
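The bind semantics described above, as an added example that is not dbt-core's own code: `bound_address` shows that the empty-string host form from the Python docs resolves to the wildcard address, `make_docs_server` serves a static docs directory with the loopback-only binding that the fixed versions use by default (passing `host=''` reproduces the vulnerable behaviour), and `wildcard_listeners` is a small audit that flags all-interface listeners in `ss -ltn`-style output. The `ss` sample is constructed, not captured from a real host; the function and constant names are this example's own.

```python
"""Added example (not dbt-core's own code): why an empty host string exposes a
server on every interface, the loopback-only form, and a check that flags
wildcard listeners in `ss -ltn`-style output."""
import functools
import http.server
import socket
import socketserver

# Strings that `ss`/`netstat` print for a socket bound to every interface.
WILDCARD_ADDRS = {"0.0.0.0", "::", "[::]", "*"}


def bound_address(host: str, family: int = socket.AF_INET) -> str:
    """Bind an ephemeral port on `host` and return the address the kernel
    actually assigned. The empty string (the special form quoted from the
    Python socket docs) resolves to the wildcard address, not to loopback."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[0]


def make_docs_server(directory: str, host: str = "127.0.0.1", port: int = 0):
    """Serve a static docs directory over plain HTTP. Loopback is the default;
    passing host='' reproduces the vulnerable, all-interfaces behaviour.
    The caller is responsible for calling server_close()."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=directory
    )
    # TCPServer binds in its constructor and records the address the socket
    # was actually bound to in server_address.
    return socketserver.TCPServer((host, port), handler)


def wildcard_listeners(ss_output: str):
    """Parse `ss -ltn`-style lines (State Recv-Q Send-Q Local:Port Peer:Port)
    and return (address, port) for every socket listening on all interfaces."""
    exposed = []
    for line in ss_output.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")  # handles "[::]:22" too
        if addr in WILDCARD_ADDRS:
            exposed.append((addr, int(port)))
    return exposed


# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       5       0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""


if __name__ == "__main__":
    print("'' binds to", bound_address(""))                    # 0.0.0.0
    print("'127.0.0.1' binds to", bound_address("127.0.0.1"))  # 127.0.0.1
    try:
        print("'' over IPv6 binds to", bound_address("", socket.AF_INET6))  # ::
    except OSError:
        print("IPv6 not available on this host")

    vulnerable = make_docs_server(".", host="")   # the pre-fix behaviour
    hardened = make_docs_server(".")              # loopback default
    print("vulnerable server address:", vulnerable.server_address)
    print("hardened server address:", hardened.server_address)
    vulnerable.server_close()
    hardened.server_close()

    for addr, port in wildcard_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed on all interfaces: {addr}:{port}")
```

Running `ss -ltn` (or `netstat -ltn`) while `dbt docs serve` is up and feeding the output to `wildcard_listeners` is a quick way to confirm whether an installed version is still binding the docs port to `0.0.0.0` or `[::]`.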
**Recommendations**
For dbt-core versions prior to 1.6.15, update to version 1.6.15 or later.
For dbt-core versions prior to 1.7.15, update to version 1.7.15 or later.
For dbt-core versions prior to 1.8.1, update to version 1.8.1 or later.
As a temporary workaround, bind `dbt docs serve` to localhost explicitly where the installed version offers a way to set the host. If it does not, serve the generated documentation in `target/` with a server you control bound to `127.0.0.1`, or use a host firewall to block inbound connections to the docs port (8080 by default) from anything other than loopback, and avoid running `dbt docs serve` at all on untrusted networks until you have upgraded.