Количество 2
Количество 2
CVE-2023-33185
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.
GHSA-qg36-9jxh-fj25
Incorrect signature verification in django-ses
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-33185 Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. | CVSS3: 4.6 | 0% Низкий | больше 2 лет назад |
| GHSA-qg36-9jxh-fj25 Incorrect signature verification in django-ses | CVSS3: 4.6 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу