Homepage

django-ses@0.8.4 vulnerabilities

A Django email backend for Amazon's Simple Email Service (SES)

  • latest version

    4.3.2

  • latest non vulnerable version

    4.3.2

  • first published

    13 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View django-ses package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-ses package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Server-side Request Forgery (SSRF)

    django-ses is an A Django email backend for Amazon's Simple Email Service

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient signature verification in django-ses. Requests to SESEventWebhookView iare signed by AWS and are verified by django_ses, but the verification step allows users to specify arbitrary public certificates on subdomains of amazonaws.com and amazon.com.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade django-ses to version 3.5.0 or higher.

    [,3.5.0)
    Go back to all versions of this package