CVE-2016-10074

Опубликовано: 30 дек. 2016

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 9.8

Описание

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	5.4.2-1.1
cosmic	released	5.4.2-1.1
devel	needs-triage
disco	released	5.4.2-1.1
eoan	released	5.4.2-1.1
esm-apps/bionic	released	5.4.2-1.1
esm-apps/focal	released	5.4.2-1.1
esm-apps/jammy	released	5.4.2-1.1
esm-apps/noble	released	5.4.2-1.1

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2016-10074

CVSS3: 9.8

nvd

около 9 лет назад

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

CVE-2016-10074

CVSS3: 9.8

debian

около 9 лет назад

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...

GHSA-pr44-4jfr-286m

CVSS3: 9.8

github

больше 3 лет назад

Swift Mailer mail transport Command Injection

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2016-10074

Описание

Пакет libphp-swiftmailer

Ссылки на источники

Связанные уязвимости