Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rustsecRustsecRUSTSEC-2020-0069
HistoryNov 11, 2020 - 12:00 p.m.

Argument injection in sendmail transport

2020-11-1112:00:00
rustsec.org
8
lettre
sendmail
argument injection
vulnerability
command execution
destination addresses
logging features
software
vin01

EPSS

0.001

Percentile

38.4%

JSON

Affected versions of lettre allowed argument injection
to the sendmail command. It was possible, using forged to addresses,
to pass arbitrary arguments to the sendmail executable.

Depending on the implementation (original sendmail, postfix, exim, etc.)
it could be possible in some cases to write email data into arbitrary files (using sendmail’s
logging features).

The flaw is corrected by modifying the executed command to stop parsing arguments
before passing the destination addresses.

NOTE: This vulnerability only affects the sendmail transport. Others, including smtp, are not
affected.

This vulnerability was reported by vin01.

Related

prion 1
osv 3
nvd 1
cve 1
cvelist 1
github 1
prion
prion
Design/Logic Flaw
2020-11-12 18:15:00
osv
osv
Argument injection in sendmail transport
2020-11-11 12:00:00
Argument injection in lettre
2021-08-25 20:56:48
CVE-2020-28247
2020-11-12 18:15:15
nvd
nvd
CVE-2020-28247
2020-11-12 18:15:15
cve
cve
CVE-2020-28247
2020-11-12 18:15:15
cvelist
cvelist
CVE-2020-28247
2020-11-12 18:03:45
github
github
Argument injection in lettre
2021-08-25 20:56:48

EPSS

0.001

Percentile

38.4%

JSON
Related for RUSTSEC-2020-0069
prion1osv3nvd1cve1cvelist1github1