Описание
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands.
Ссылки
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.6 (исключая)
Одно из
cpe:2.3:a:lettre:lettre:*:*:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:alpha1:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:alpha2:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:alpha3:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:alpha4:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:alpha5:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:beta1:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:beta2:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:beta3:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:beta4:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:rc1:*:*:*:rust:*:*
cpe:2.3:a:lettre:lettre:0.10.0:rc2:*:*:*:rust:*:*
EPSS
Процентиль: 64%
0.00477
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
EPSS
Процентиль: 64%
0.00477
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77