Vulnerabilities > Django Anymail Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000089 | Information Exposure Through Log Files vulnerability in Django-Anymail Project Django-Anymail Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. | 7.4 |
| 2018-02-03 | CVE-2018-6596 | Information Exposure vulnerability in multiple products webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | 9.1 |