Vulnerabilities > Django Anymail Project

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000089 Information Exposure Through Log Files vulnerability in Django-Anymail Project Django-Anymail
Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events.
4.3
2018-02-03 CVE-2018-6596 Information Exposure vulnerability in multiple products
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
network
low complexity
django-anymail-project debian CWE-200
6.4