django-anymail@0.1.dev2 vulnerabilities

Django email backends and webhooks for Amazon SES, Brevo (Sendinblue), MailerSend, Mailgun, Mailjet, Mandrill, Postal, Postmark, Resend, SendGrid, SparkPost and Unisender Go

latest version

10.3
latest non vulnerable version

10.3
first published

8 years ago
latest version published

2 months ago
licenses detected
- BSD-2-Clause
  [0.1,10.0)
View django-anymail package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the django-anymail package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Information Exposure django-anymail is a Django email integration for Mailgun, Mailjet, Postmark, SendGrid, SendinBlue, SparkPost and other transactional ESPs. Affected versions of this package are vulnerable to Information Exposure in the `WEBHOOK_AUTHORIZATION` setting value. An attacker with access to error logs could fabricate email tracking events. If you have exposed your Django error reports, an attacker could discover your `NYMAIL_WEBHOOK` setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. How to fix Information Exposure? Upgrade `django-anymail` to version 1.4 or higher.	[,1.4)
C Timing Attack django-anymail is Python Web framework. Affected versions of this package are vulnerable to Timing Attack. An attacker could recover the `WEBHOOK_AUTHORIZATION`shared secret and post fabricated or malicious email tracking events to the app. How to fix Timing Attack? Upgrade `django-anymail` to version 1.2.1 or higher.	[,1.2.1)

Information Exposure

django-anymail is a Django email integration for Mailgun, Mailjet, Postmark, SendGrid, SendinBlue, SparkPost and other transactional ESPs.

Affected versions of this package are vulnerable to Information Exposure in the WEBHOOK_AUTHORIZATION setting value. An attacker with access to error logs could fabricate email tracking events. If you have exposed your Django error reports, an attacker could discover your NYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app.

How to fix Information Exposure?

Upgrade django-anymail to version 1.4 or higher.

[,1.4)

Timing Attack

django-anymail is Python Web framework.

Affected versions of this package are vulnerable to Timing Attack. An attacker could recover the WEBHOOK_AUTHORIZATIONshared secret and post fabricated or malicious email tracking events to the app.

How to fix Timing Attack?

Upgrade django-anymail to version 1.2.1 or higher.

[,1.2.1)

Go back to all versions of this package

django-anymail@0.1.dev2 vulnerabilities

Django email backends and webhooks for Amazon SES, Brevo (Sendinblue), MailerSend, Mailgun, Mailjet, Mandrill, Postal, Postmark, Resend, SendGrid, SparkPost and Unisender Go

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities