PyPi: Dbt-Core

CVE-2024-36105

Safety vulnerability ID: 71635

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 27, 2024 Updated at Dec 09, 2024
Scan your Python projects for vulnerabilities →

Advisory

In DBT affected versions, binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address. This effectively binds to any network interface on the local system, not just localhost (127.0.0.1).

Affected package

dbt-core

Latest version: 1.9.0

With dbt, data analysts and engineers can build analytics the way engineers build applications.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application