Safety vulnerability ID: 71635
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In DBT affected versions, binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address. This effectively binds to any network interface on the local system, not just localhost (127.0.0.1).
Latest version: 1.8.8
With dbt, data analysts and engineers can build analytics the way engineers build applications.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application