django_ses is vulnerable to a signature validation bypass. The vulnerability exists in utils.py:
the AWS certificates used for signature verification are not validated, so an attacker can specify arbitrary public certificates.
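
One way to close this kind of gap is to check the certificate URL before any certificate is downloaded. The block below is an added example, not django-ses's code or its actual fix. The function names, the SNS host pattern and the sample URLs are assumptions constructed for illustration; `SigningCertURL` is the field of an SNS notification that names the signing certificate.

```python
import re
from urllib.parse import urlparse

# Assumed pattern for SNS regional endpoints. It matches the SNS host itself
# rather than all of amazonaws.com, which also serves customer-named hosts.
SNS_HOST_RE = re.compile(r"sns\.[a-z0-9-]{3,}\.amazonaws\.com(\.cn)?")


def is_trusted_cert_url(cert_url):
    """Return True only for an https .pem URL served from an SNS endpoint."""
    if not isinstance(cert_url, str):
        return False
    try:
        parsed = urlparse(cert_url)
        port = parsed.port  # malformed ports raise ValueError here
    except ValueError:
        return False
    if parsed.scheme != "https" or port not in (None, 443):
        return False
    # Userinfo ("user@host") lets a trusted-looking name precede the real host.
    if parsed.username is not None or parsed.password is not None:
        return False
    host = (parsed.hostname or "").lower()
    return bool(SNS_HOST_RE.fullmatch(host)) and parsed.path.endswith(".pem")


def cert_url_to_fetch(notification):
    """Return the notification's SigningCertURL if trusted, else None.

    A caller must reject the notification outright when this returns None,
    instead of downloading the certificate and verifying against it.
    """
    url = notification.get("SigningCertURL")
    return url if is_trusted_cert_url(url) else None


# Constructed sample URLs (not from the advisory) and the expected decision.
SAMPLES = {
    "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-0.pem": True,
    "http://sns.us-east-1.amazonaws.com/SimpleNotificationService-0.pem": False,
    "https://sns.us-east-1.amazonaws.com.example.net/cert.pem": False,
    "https://sns.us-east-1.amazonaws.com@example.net/cert.pem": False,
    "https://bucket.s3.amazonaws.com/cert.pem": False,
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(is_trusted_cert_url(url), expected, url)
```
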
CPE

Name | Operator | Version |
---|---|---|
django-ses | le | 1.0.3 |
django-ses | le | 2.6.1 |
django-ses | le | 3.4.1 |

github.com/advisories/GHSA-qg36-9jxh-fj25
github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md
github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795
github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25