webhooks/base.py in Anymail (aka django-anymail) prior to 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote malicious users to post arbitrary e-mail tracking events.
Vulnerable Product |
---|
django-anymail project django-anymail |
debian debian linux 9.0 |
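The class of flaw described above, shown as an added example (this is not Anymail's code): a webhook Basic-auth check that compares the shared secret with `==`/`in`, next to a form that uses the standard library's constant-time `hmac.compare_digest`. The credential values, the function names and the idea of accepting a list of secrets are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample credentials (assumption; not taken from the advisory).
ALLOWED_CREDENTIALS = ["hook-user:s3cret-rotating-1", "hook-user:s3cret-rotating-2"]


def parse_basic_auth(header_value):
    """Return the decoded 'user:password' string from a Basic auth header, or None."""
    if not header_value:
        return None
    scheme, _, payload = header_value.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        return base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def is_authorized_weak(header_value, allowed=ALLOWED_CREDENTIALS):
    """Weak form: '==' / 'in' can stop at the first differing byte, so the time
    taken depends on how much of the secret the caller supplied correctly."""
    supplied = parse_basic_auth(header_value)
    return supplied is not None and supplied in allowed


def is_authorized(header_value, allowed=ALLOWED_CREDENTIALS):
    """Hardened form: constant-time comparison against every allowed value."""
    supplied = parse_basic_auth(header_value)
    if supplied is None:
        return False
    supplied_bytes = supplied.encode("utf-8")
    matched = False
    # No early exit: every candidate is compared, so timing does not reveal
    # which candidate (if any) matched.
    for candidate in allowed:
        matched |= hmac.compare_digest(supplied_bytes, candidate.encode("utf-8"))
    return matched


def basic_header(credential):
    """Build an Authorization header value for the constructed samples."""
    return "Basic " + base64.b64encode(credential.encode("utf-8")).decode("ascii")
```

Both functions return the same verdicts; the difference is only in how long a rejection takes, which is why the weak form passes functional tests unnoticed.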