GHSA-f57v-q966-7fh6

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

Monolog Header injection in NativeMailerHandler

A header injection vulnerability has been identified in the NativeMailerHandler of the Monolog library. This vulnerability may allow an attacker to manipulate email headers when log messages are sent via email.

Ссылки

https://github.com/Seldaek/monolog/issues/458
https://github.com/Seldaek/monolog/pull/448#issuecomment-68208704
https://github.com/Seldaek/monolog/commit/515a096c864b00b3967f7f601680f85d4a2e4001
https://github.com/FriendsOfPHP/security-advisories/blob/master/monolog/monolog/2014-12-29-1.yaml

Пакеты

Наименование

monolog/monolog

composer

Затронутые версииВерсия исправления

>= 1.8.0, < 1.12.0

1.12.0

Дефекты

CWE-74

Дефекты

CWE-74