Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-VC2P-R46X-M3VX
HistoryAug 25, 2021 - 8:56 p.m.

Argument injection in lettre

2021-08-2520:56:48
Google
osv.dev
11
lettre
argument injection
sendmail
arbitrary arguments
vulnerability
fix
rust
cve-2020-28247

EPSS

0.001

Percentile

38.4%

JSON

Impact

Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable.

Depending on the implementation (original sendmail, postfix, exim, etc.) it could be possible in some cases to write email data into abritrary files (using sendmail’s logging features).

NOTE: This vulnerability only affects the sendmail transport. Others, including smtp, are not affected.

Fix

The flaw is corrected by modifying the executed command to stop parsing arguments before passing the destination addresses.

References

Related

osv 2
nvd 1
prion 1
cve 1
cvelist 1
rustsec 1
github 1
osv
osv
Argument injection in sendmail transport
2020-11-11 12:00:00
CVE-2020-28247
2020-11-12 18:15:15
nvd
nvd
CVE-2020-28247
2020-11-12 18:15:15
prion
prion
Design/Logic Flaw
2020-11-12 18:15:00
cve
cve
CVE-2020-28247
2020-11-12 18:15:15
cvelist
cvelist
CVE-2020-28247
2020-11-12 18:03:45
rustsec
rustsec
Argument injection in sendmail transport
2020-11-11 12:00:00
github
github
Argument injection in lettre
2021-08-25 20:56:48

EPSS

0.001

Percentile

38.4%

JSON
Related for OSV:GHSA-VC2P-R46X-M3VX
osv2nvd1prion1cve1cvelist1rustsec1github1