Lucene search
Redhat.comRH:CVE-2020-11879HistoryAug 10, 2020 - 1:43 p.m.
CVE-2020-11879
2020-08-1013:43:44
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
50.9%
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) “mailto?attach=…” parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
Mitigation
Either:
1. Do not use mailto links at all
2. Always double-check in the user interface that there are no unwanted attachments before sending emails; especially when the email originates from clicking a mailto link.
Related
debiancve
debiancve
CVE-2020-11879
2020-04-17 18:15:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1830
2021-07-02 16:39:40
nvd
nvd
CVE-2020-11879
2020-04-17 18:15:11
osv
osv
CVE-2020-11879
2020-04-17 18:15:11
cve
cve
CVE-2020-11879
2020-04-17 18:15:11
prion
prion
Code injection
2020-04-17 18:15:00
cvelist
cvelist
CVE-2020-11879
2020-04-17 17:07:41
nessus
nessus
SUSE SLED12 / SLES12 Security Update : evolution (SUSE-SU-2023:3375-1)
2023-08-23 00:00:00
RHEL 8 : evolution (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : evolution (Unpatched Vulnerability)
2024-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2020-11879
2020-04-17 00:00:00