9 matches found
Debian DSA-4107-1 : django-anymail - security update
It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events. C Tenable Network Security, Inc. Th...
[SECURITY] [DSA 4107-1] django-anymail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4107-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 07, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4107-1] django-anymail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4107-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 07, 2018 https://www.debian.org/security/faq -...
anymail-history (=0.1.8), bmds-ui (>=24.1.0 <=25.1.0) +31 more potentially affected by CVE-2018-6596 via django-anymail (>=0.9.0 <=15.0.0)
django-anymail PYPI version =0.9.0, =24.1.0, =0.4.10, =2.18.0, =0.1.3, =1.0.5, =0.1.0, =0.5.34, =0.1.0a1, =0.0.1, =1.2.0, =2.1.0, =1.0.0, =1.4.3 and more Source cves: CVE-2018-6596 Source advisory: OSV:PYSEC-2018-7...
CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
DEBIAN-CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2018-6596
CVE-2018-6596 affects Anymail (django-anymail) webhooks/base.py, where a timing attack on the WEBHOOK_AUTHORIZATION secret can let remote attackers post arbitrary email tracking events. Affected versions are before 1.2.1. Remediation as per sources: upgrade to Django-Anymail 1.2.1 or later; Debia...
CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...