PT-2023-24202 · Unknown · Django-Ses

Josephsurin · Published 2023-05-22 · Updated 2023-06-06 · CVE-2023-33185

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Django-SES versions prior to 3.5.0

Description: The django-ses library, a mail backend for Django that sends through AWS Simple Email Service, has a flaw in its verification of signed requests from AWS. The SESEventWebhookView class is intended to handle email bounces, subscription notifications and similar events, but its signature verification allowed the requester to specify an arbitrary public certificate, so the signature was checked against a certificate the sender itself chose rather than one issued by AWS.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the SESEventWebhookView class until the update is applied.
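The defensive pattern behind this class of bug, as an added illustration that is not django-ses code and not the project's actual fix: before fetching the certificate named in an SNS message's SigningCertURL, confirm that the URL uses HTTPS and points at an AWS SNS endpoint host, and only then check the RSA signature over the canonical string-to-sign that SNS documents. The host pattern, the sample notification and the fetch callback are assumptions constructed for this example.

```python
"""Hardened verification of an AWS SNS message (illustrative, not django-ses code)."""
import base64
import re
from typing import Callable, Dict

# Assumption: SNS serves its signing certificates only from hosts of the form
# sns.<region>.amazonaws.com (or .amazonaws.com.cn). Anything else is refused
# before a single byte is fetched, which is the check the vulnerable code lacked.
_SNS_CERT_HOST = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")

# Field order for the string-to-sign, per the SNS signature documentation.
_NOTIFICATION_KEYS = ("Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type")
_CONFIRMATION_KEYS = ("Message", "MessageId", "SubscribeURL", "Timestamp",
                      "Token", "TopicArn", "Type")


def is_trusted_signing_cert_url(url: str) -> bool:
    """True only for https URLs whose host is an SNS endpoint (exact host match)."""
    from urllib.parse import urlparse
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False
    if parsed.port not in (None, 443):
        return False
    host = parsed.hostname or ""  # urlparse lowercases the hostname
    return _SNS_CERT_HOST.match(host) is not None


def string_to_sign(msg: Dict[str, str]) -> str:
    """Rebuild the canonical 'Key\\nValue\\n' sequence SNS signed."""
    msg_type = msg.get("Type")
    if msg_type == "Notification":
        keys = _NOTIFICATION_KEYS
    elif msg_type in ("SubscriptionConfirmation", "UnsubscribeConfirmation"):
        keys = _CONFIRMATION_KEYS
    else:
        raise ValueError(f"unsupported SNS message type: {msg_type!r}")
    parts = []
    for key in keys:
        if key == "Subject" and key not in msg:
            continue  # Subject is optional and omitted from the signed string when absent
        parts.append(f"{key}\n{msg[key]}\n")
    return "".join(parts)


def verify_sns_message(msg: Dict[str, str], fetch_cert: Callable[[str], bytes]) -> bool:
    """Raise ValueError on an untrusted cert URL; otherwise verify the RSA signature."""
    cert_url = msg.get("SigningCertURL", "")
    if not is_trusted_signing_cert_url(cert_url):
        raise ValueError(f"refusing signing certificate from untrusted URL: {cert_url}")
    pem = fetch_cert(cert_url)  # fetch only after the host check passed
    # The RSA check itself needs the 'cryptography' package; imported lazily so the
    # URL and string-to-sign helpers above stay usable without it.
    from cryptography import x509
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding
    cert = x509.load_pem_x509_certificate(pem)
    signature = base64.b64decode(msg["Signature"])
    # SignatureVersion 1 uses SHA-1, SignatureVersion 2 uses SHA-256.
    digest = hashes.SHA1() if msg.get("SignatureVersion", "1") == "1" else hashes.SHA256()
    cert.public_key().verify(signature, string_to_sign(msg).encode("utf-8"),
                             padding.PKCS1v15(), digest)  # raises InvalidSignature on failure
    return True


# Constructed sample notification (no real topic, signature or certificate).
SAMPLE_NOTIFICATION = {
    "Type": "Notification",
    "MessageId": "m-1",
    "TopicArn": "arn:aws:sns:us-east-1:000000000000:ses-events",
    "Message": "hello",
    "Timestamp": "2023-05-22T00:00:00.000Z",
    "SignatureVersion": "1",
    "Signature": "AA==",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem",
}


def _never_fetch(url: str) -> bytes:
    """Fetch callback that must not be reached when the URL check fails."""
    raise RuntimeError(f"fetch attempted for {url}")


if __name__ == "__main__":
    forged = dict(SAMPLE_NOTIFICATION, SigningCertURL="https://attacker.example/cert.pem")
    try:
        verify_sns_message(forged, _never_fetch)
    except ValueError as exc:
        print("rejected:", exc)
```

The important ordering is that the host check happens before any network fetch: a verifier that downloads whatever certificate the message names and then checks the signature against it has delegated trust to the sender, which is exactly the weakness described above.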


Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers:
- CVE-2023-33185
- GHSA-QG36-9JXH-FJ25
- PYSEC-2023-82

Affected Products: Django-Ses