Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000089

Опубликовано: 13 мар. 2018
Источник: nvd
CVSS3: 7.4
CVSS2: 4.3
EPSS Низкий

Описание

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:django-anymail_project:django-anymail:*:*:*:*:*:*:*:*
Версия от 0.2 (включая) до 1.3 (включая)

EPSS

Процентиль: 53%
0.00306
Низкий

7.4 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

ubuntu логотип

CVE-2018-1000089

CVSS3: 7.4
ubuntu
почти 8 лет назад

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.

debian логотип

CVE-2018-1000089

CVSS3: 7.4
debian
почти 8 лет назад

Anymail django-anymail version version 0.2 through 1.3 contains a CWE- ...

github логотип

GHSA-qh9x-mc42-vg4g

CVSS3: 7.4
github
больше 3 лет назад

django-anymail Includes Sensitive Information in Log Files

EPSS

Процентиль: 53%
0.00306
Низкий

7.4 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-532