CVE-2018-11805

2019-12-12T23:15:00
ID CVE-2018-11805
Type cve
Reporter cve@mitre.org
Modified 2020-01-13T19:15:00

Description

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.