django-ses@0.8.14 vulnerabilities

A Django email backend for Amazon's Simple Email Service (SES)

Direct Vulnerabilities

Known vulnerabilities in the django-ses package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Server-side Request Forgery (SSRF)

django-ses is an A Django email backend for Amazon's Simple Email Service

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient signature verification in django-ses. Requests to SESEventWebhookView iare signed by AWS and are verified by django_ses, but the verification step allows users to specify arbitrary public certificates on subdomains of amazonaws.com and amazon.com.

How to fix Server-side Request Forgery (SSRF)?

Upgrade django-ses to version 3.5.0 or higher.

[,3.5.0)