Lucene search

K
cvelistMitreCVELIST:CVE-2019-19920
HistoryDec 22, 2019 - 5:07 p.m.

CVE-2019-19920

2019-12-2217:07:31
mitre
www.cve.org
11
sa-exim
arbitrary code execution
cve-2019-19920
greylisting.pm

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

53.5%

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.