漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Incorrect signature verification in django-ses
Vulnerability Description
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Django-SES 数据伪造问题漏洞
Vulnerability Description
Django-SES是亚马逊简单电子邮件服务的 Django 电子邮件后端。 Django-SES 3.5.0之前版本存在安全漏洞,该漏洞源于允许用户指定任意公共证书。
CVSS Information
N/A
Vulnerability Type
N/A