4 matches found
Code injection
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2018-6596
CVE-2018-6596 affects Anymail (django-anymail) webhooks/base.py, where a timing attack on the WEBHOOK_AUTHORIZATION secret can let remote attackers post arbitrary email tracking events. Affected versions are before 1.2.1. Remediation as per sources: upgrade to Django-Anymail 1.2.1 or later; Debia...
CVE-2018-6596
webhooks/base.py in Anymail aka django-anymail before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...