Tag: Django
Problems related to the Django framework, such as view errors, middleware faults, or misconfigurations
ID | Title | Description | Category | Technology | Tags |
---|---|---|---|---|---|
CRE-2025-0031 (Medium; Impact: 5/10; Mitigation: 5/10) | Django returns DisallowedHost error for untrusted HTTP_HOST headers | Django applications may return a "DisallowedHost" error when receiving requests with an unrecognized or missing Host header. This typically occurs in production environments where reverse proxies, load balancers, or external clients send requests using an unexpected domain or IP address. Django blocks these requests unless the domain is explicitly listed in `ALLOWED_HOSTS`. | Framework Problems | django | Django, Disallowedhost, Configuration, Web, Security, Host Header, Public |
CRE-2025-0035 (Critical; Impact: 7/10; Mitigation: 6/10) | psycopg2 SSL error due to thread or forked process state | Applications using psycopg2 with OpenTelemetry instrumentation or threading may fail with SSL-related errors such as "decryption failed or bad record mac". This often occurs when a database connection is created before a fork or from an unsafe thread context, causing the SSL state to become invalid. | Database Problems | django | Ssl, Psycopg2, Fork, Threads, Django, Instrumentation, Opentelemetry, Known Issue, Public |
CRE-2025-0042 (Critical; Impact: 7/10; Mitigation: 5/10) | PostgreSQL transaction fails with deadlock detected error in psycopg2 and Django | Applications using Django with PostgreSQL and psycopg2 may encounter `deadlock detected` errors under concurrent write-heavy workloads. PostgreSQL raises this error when two or more transactions block each other cyclically while waiting for locks, and one must be aborted. Django surfaces this as an `OperationalError`, and the affected transaction is rolled back. | Database Problems | django | PostgreSQL, Psycopg2, Django, Transaction, Deadlock, Operational error, Public, Known Issue |