CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1120 vulnerabilities reference this CWE, most recent first.
GHSA-Q9RH-69GG-78FC
Vulnerability from github – Published: 2025-09-10 18:30 – Updated: 2025-09-10 18:30A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.
{
"affected": [],
"aliases": [
"CVE-2025-20248"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-10T16:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\n\nThis vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.",
"id": "GHSA-q9rh-69gg-78fc",
"modified": "2025-09-10T18:30:15Z",
"published": "2025-09-10T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20248"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrsig-UY4zRUCG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QC4C-822V-VP4M
Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-19 00:37A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
{
"affected": [],
"aliases": [
"CVE-2024-41165"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T23:15:08Z",
"severity": "HIGH"
},
"details": "A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions.",
"id": "GHSA-qc4c-822v-vp4m",
"modified": "2024-12-19T00:37:35Z",
"published": "2024-12-19T00:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41165"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1977"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCCP-2VXV-82W5
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
{
"affected": [],
"aliases": [
"CVE-2024-13172"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:29Z",
"severity": "HIGH"
},
"details": "Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.",
"id": "GHSA-qccp-2vxv-82w5",
"modified": "2025-01-14T18:32:02Z",
"published": "2025-01-14T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13172"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCJ7-G2J5-G7R3
Vulnerability from github – Published: 2018-10-17 16:24 – Updated: 2025-09-02 20:27In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk14"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1000342"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:51:36Z",
"nvd_published_at": "2018-06-04T13:29:00Z",
"severity": "HIGH"
},
"details": "In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.",
"id": "GHSA-qcj7-g2j5-g7r3",
"modified": "2025-09-02T20:27:34Z",
"published": "2018-10-17T16:24:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000342"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"type": "PACKAGE",
"url": "https://github.com/bcgit/bc-java"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181127-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3727-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification"
}
GHSA-QCP7-R34X-6GV6
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-07-14 18:31An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2026-0265"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T18:16:14Z",
"severity": "HIGH"
},
"details": "An authentication bypass vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.\n\n\n\nThe risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma Access\u00ae are not impacted by this vulnerability.",
"id": "GHSA-qcp7-r34x-6gv6",
"modified": "2026-07-14T18:31:44Z",
"published": "2026-05-13T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0265"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0265"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-QF3Q-3H68-MMH2
Vulnerability from github – Published: 2026-05-07 21:30 – Updated: 2026-05-08 18:31A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module's dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running "rm go.sum ; go mod tidy ; go mod verify", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.
{
"affected": [],
"aliases": [
"CVE-2026-42501"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T20:16:44Z",
"severity": "HIGH"
},
"details": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"id": "GHSA-qf3q-3h68-mmh2",
"modified": "2026-05-08T18:31:28Z",
"published": "2026-05-07T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://go.dev/cl/775321"
},
{
"type": "WEB",
"url": "https://go.dev/issue/79070"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4984"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF7V-8HJ3-4XW7
Vulnerability from github – Published: 2020-05-06 19:41 – Updated: 2024-10-23 15:55PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertions that have been signed.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pysaml2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5390"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2020-05-06T19:39:39Z",
"nvd_published_at": "2020-01-13T19:15:00Z",
"severity": "HIGH"
},
"details": "PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertions that have been signed.",
"id": "GHSA-qf7v-8hj3-4xw7",
"modified": "2024-10-23T15:55:36Z",
"published": "2020-05-06T19:41:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5390"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e"
},
{
"type": "PACKAGE",
"url": "https://github.com/IdentityPython/pysaml2"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md#500-2020-01-13"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/releases"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qf7v-8hj3-4xw7"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2020-94.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html"
},
{
"type": "WEB",
"url": "https://pypi.org/project/pysaml2/5.0.0"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4245-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4630"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Improper Verification of Cryptographic Signature in PySAML2"
}
GHSA-QFHC-HXG2-G92X
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
{
"affected": [],
"aliases": [
"CVE-2019-16732"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-13T21:15:00Z",
"severity": "HIGH"
},
"details": "Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.",
"id": "GHSA-qfhc-hxg2-g92x",
"modified": "2022-05-24T17:03:35Z",
"published": "2022-05-24T17:03:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16732"
},
{
"type": "WEB",
"url": "https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QFV9-WMF6-2J52
Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-19 00:37A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
{
"affected": [],
"aliases": [
"CVE-2024-43106"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T23:15:08Z",
"severity": "HIGH"
},
"details": "A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions.",
"id": "GHSA-qfv9-wmf6-2j52",
"modified": "2024-12-19T00:37:35Z",
"published": "2024-12-19T00:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43106"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1976"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1976"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QG36-9JXH-FJ25
Vulnerability from github – Published: 2023-05-22 19:41 – Updated: 2024-11-18 16:26The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django-ses"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-33185"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-22T19:41:56Z",
"nvd_published_at": "2023-05-26T21:15:20Z",
"severity": "LOW"
},
"details": "The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates.",
"id": "GHSA-qg36-9jxh-fj25",
"modified": "2024-11-18T16:26:29Z",
"published": "2023-05-22T19:41:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33185"
},
{
"type": "WEB",
"url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795"
},
{
"type": "PACKAGE",
"url": "https://github.com/django-ses/django-ses"
},
{
"type": "WEB",
"url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-ses/PYSEC-2023-82.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Incorrect signature verification in django-ses"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.