11 matches found
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Description: Symfony Mailer selects a transport via the MAILER_DSN environment variable / configuration, e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...
PT-2026-44137
Description: Symfony Mailer selects a transport via the MAILER_DSN environment variable / configuration, e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...
Arbitrary Argument Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via recipient handling in SendmailTransport when using sendmail -t mode. An attacker can inject arbitrary sendmail command-line options by supplying a recipient address beginning with -, as recipient address...
EUVD-2024-51464
Malicious code in bioql PyPI...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
CVE-2024-13250 maps to Drupal Symfony Mailer Lite CSRF vulnerability. Affected versions are 0.0.0 up to 1.0.5/1.0.6, with 1.0.6 as the fixed release. The issue allows CSRF exploitation in Drupal Symfony Mailer Lite, potentially enabling an attacker to perform unwanted actions on behalf of an auth...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Symfony Mailer Lite prior to version 1.0.6, which stems from the inclusion of a cross-site request forgery vulnerability...
PT-2024-10076 · Drupal · Drupal Symfony Mailer Lite
Name of the Vulnerable Software and Affected Versions: Drupal Symfony Mailer Lite versions 0.0.0 through 1.0.6. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can be exploited by a remote attacker to perform a CSRF attack. This vulnerability affects the...