3 matches found
TLS hostname verification disabled when using Boring TLS backend
An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...
aws-manager (>=0.0.1 <=0.21.2), aws-sdk-manager (>=0.0.0 <=0.0.10) +2 more potentially affected by unknown CVE via aws-sdk-cloudwatchlogs (>=0.10.1 <=0.31.2)
aws-sdk-cloudwatchlogs CARGO version =0.10.1, =0.0.1, =0.0.0, =1.0.0, =1.0.4 - tracing-cloudwatch =0.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
abbr (=0.0.0), aequitas (>=0.26.0 <=0.42.0) +112 more potentially affected by CVE-2018-1000656 via flask (>=0.10.1 <=0.12.2)
flask PYPI version =0.10.1, =0.26.0, =1.4.15, =0.11.1, =0.4.0, =0.1.0, =0.1.1, =0.1.17, =0.1.0, =0.4.1, =0.1.0, =0.0.1, =1.0.8, =1.1.0 and more Source cves: CVE-2018-1000656 Source advisory: OSV:PYSEC-2018-66...