29 matches found
GHSA-QH9X-MC42-VG4G django-anymail Includes Sensitive Information in Log Files
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
django-anymail Includes Sensitive Information in Log Files
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
anymail-history (=0.1.8), bmds-ui (>=24.1.0 <=25.1.0) +30 more potentially affected by CVE-2018-1000089 via django-anymail (>=0.9.0 <=15.0.0)
django-anymail PYPI version =0.9.0, =24.1.0, =0.4.10, =0.1.3, =1.0.5, =0.1.0, =0.5.34, =0.1.0a1, =0.0.1, =1.2.0, =2.1.0, =1.0.0, =2026.3.27, =2026.3.28 and more Source cves: CVE-2018-1000089 Source advisory: OSV:GHSA-QH9X-MC42-VG4G...
anymail-history (=0.1.8), bmds-ui (>=24.1.0 <=25.1.0) +30 more potentially affected by CVE-2018-6596 via django-anymail (>=0.9.0 <=15.0.0)
django-anymail PYPI version =0.9.0, =24.1.0, =0.4.10, =0.1.3, =1.0.5, =0.1.0, =0.5.34, =0.1.0a1, =0.0.1, =1.2.0, =2.1.0, =1.0.0, =2026.3.27, =2026.3.28 and more Source cves: CVE-2018-6596 Source advisory: OSV:GHSA-HXF9-7H4C-F5JV...
Django-Anymail prone to a timing attack
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
GHSA-HXF9-7H4C-F5JV Django-Anymail prone to a timing attack
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
Information Disclosure
django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOK_AUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...
CVE-2018-1000089
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
CVE-2018-1000089
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
PYSEC-2018-46
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
Design/Logic Flaw
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
anymail-history (=0.1.8), bmds-ui (>=24.1.0 <=25.1.0) +30 more potentially affected by CVE-2018-1000089 via django-anymail (>=0.9.0 <=15.0.0)
django-anymail PYPI version =0.9.0, =24.1.0, =0.4.10, =0.1.3, =1.0.5, =0.1.0, =0.5.34, =0.1.0a1, =0.0.1, =1.2.0, =2.1.0, =1.0.0, =2026.3.27, =2026.3.28 and more Source cves: CVE-2018-1000089 Source advisory: OSV:PYSEC-2018-46...
CVE-2018-1000089
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
PYSEC-2018-46
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
CVE-2018-1000089
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
CVE-2018-1000089
The CVE-2018-1000089 entry relates to django-anymail (versions 0.2 to 1.3) exposing a CWE-532/CWE-209 flaw in the WEBHOOK_AUTHORIZATION setting. An attacker who can access Django error logs could discover ANYMAIL_WEBHOOK and post fabricated inbound/tracking events, potentially impacting the targe...
CVE-2018-1000089
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
Debian DSA-4107-1 : django-anymail - security update
It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.
[SECURITY] [DSA 4107-1] django-anymail security update
Debian Security Advisory DSA-4107-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 07, 2018 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4107-1] django-anymail security update
Debian Security Advisory DSA-4107-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 07, 2018 https://www.debian.org/security/faq ...