Описание
Critical severity vulnerability that affects Haraka
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
Пакеты
Наименование
Haraka
npm
Затронутые версииВерсия исправления
< 2.8.9
2.8.9
Связанные уязвимости
CVSS3: 9.8
nvd
около 7 лет назад
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.