Signature Validation Bypass

2023-06-0104:31:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

signature validation

bypass

aws certificates

vulnerability

django_ses

0.001 Low

EPSS

Percentile

29.1%

JSON

django_ses is vulnerable to Signature Validation Bypass. The vulnerability exists in utils.py due to a lack of validation in AWS certificates because an attacker can specify arbitrary public certificates.

CPENameOperatorVersion
django-sesle1.0.3
django-sesle2.6.1
django-sesle3.4.1
django-sesle1.0.3
django-sesle2.6.1
django-sesle3.4.1

Name	Operator	Version
django-ses	le	1.0.3
django-ses	le	2.6.1
django-ses	le	3.4.1
django-ses	le	1.0.3
django-ses	le	2.6.1
django-ses	le	3.4.1

References

github.com/advisories/GHSA-qg36-9jxh-fj25

github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md

github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795

github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for VERACODE:40750