CVE-2018-1000089

Published: 13 Mar 2018
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.3
CVSS3: 7.4

Description

Anymail django-anymail versions 0.2 through 1.3 contain a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can allow an attacker with access to error logs to fabricate email tracking events. The attack appears to be exploitable if you have exposed your Django error reports: an attacker could discover your ANYMAIL_WEBHOOK setting and use it to post fabricated or malicious Anymail tracking/inbound events to your app. The vulnerability appears to have been fixed in v1.4.

Release | Status | Note
artful | ignored | end of life
bionic | not-affected | 1.4-1
devel | not-affected | 1.4-1
esm-apps/bionic | not-affected | 1.4-1
esm-infra-legacy/trusty | DNE |
precise/esm | DNE |
trusty | DNE |
trusty/esm | DNE |
upstream | released | 1.4-1
xenial | DNE |

EPSS: 0.00306 (Low), percentile: 53%
CVSS2: 4.3 Medium
CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 7.4
nvd
almost 8 years ago

Anymail django-anymail versions 0.2 through 1.3 contain a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can allow an attacker with access to error logs to fabricate email tracking events. The attack appears to be exploitable if you have exposed your Django error reports: an attacker could discover your ANYMAIL_WEBHOOK setting and use it to post fabricated or malicious Anymail tracking/inbound events to your app. The vulnerability appears to have been fixed in v1.4.

CVSS3: 7.4
debian
almost 8 years ago

Anymail django-anymail version version 0.2 through 1.3 contains a CWE- ...

CVSS3: 7.4
github
more than 3 years ago

django-anymail Includes Sensitive Information in Log Files
