3 matches found
django-ses-sns-tracker (=1.1.5), speedpycom (=0.1.5) +1 more potentially affected by CVE-2023-33185 via django-ses (>=0.7.1 <=2.6.1)
django-ses PYPI version =0.7.1, =11.0.0, =14.4.0 Source cves: CVE-2023-33185 Source advisory: OSV:PYSEC-2023-82...
CVE-2023-33185
Django-SES (django_ses) exposes a SESEventWebhookView to verify AWS-signed requests for bounces/subscriptions. The vulnerability was due to a flawed signature verification that allowed specifying arbitrary public certificates. The issue affects django_ses up to version prior to 3.5.0 and was fixe...
CVE-2023-33185 Incorrect signature verification in django-ses
Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...