Lucene search
Veracode Vulnerability DatabaseVERACODE:5918HistoryMar 15, 2018 - 4:36 a.m.
Information Disclosure
2018-03-1504:36:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
55.1%
django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOK_AUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your application. As well as upgrading this dependency, if the event tracking or inbound webhooks feature of Anymail is used, the WEBHOOK_AUTHORIZATION variable should be changed to WEBHOOK_SECRET in the settings.py.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django-anymail | le | 1.3 |
Related
osv
osv
PYSEC-2018-46
2018-03-13 15:29:00
CVE-2018-1000089
2018-03-13 15:29:01
django-anymail Includes Sensitive Information in Log Files
2022-05-14 03:32:28
debiancve
debiancve
CVE-2018-1000089
2018-03-13 15:29:01
cve
cve
CVE-2018-1000089
2018-03-13 15:29:01
ubuntucve
ubuntucve
CVE-2018-1000089
2018-03-13 00:00:00
github
github
django-anymail Includes Sensitive Information in Log Files
2022-05-14 03:32:28
nvd
nvd
CVE-2018-1000089
2018-03-13 15:29:01
cvelist
cvelist
CVE-2018-1000089
2018-03-13 15:00:00
prion
prion
Design/Logic Flaw
2018-03-13 15:29:00