11 matches found
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Description: Symfony Mailer selects a transport via the MAILER_DSN environment variable / configuration, e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs, speak SMTP over stdin (the default), and -t, read the message on...
PT-2026-44137
Description: Symfony Mailer selects a transport via the MAILER_DSN environment variable / configuration, e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs, speak SMTP over stdin (the default), and -t, read the message on...
Arbitrary Argument Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via recipient handling in SendmailTransport when using sendmail -t mode. An attacker can inject arbitrary sendmail command-line options by supplying a recipient address beginning with -, as recipient address...
EUVD-2024-51464
Malicious code in bioql PyPI...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
CVE-2024-13250 maps to Drupal Symfony Mailer Lite CSRF vulnerability. Affected versions are 0.0.0 up to 1.0.5/1.0.6, with 1.0.6 as the fixed release. The issue allows CSRF exploitation in Drupal Symfony Mailer Lite, potentially enabling an attacker to perform unwanted actions on behalf of an auth...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Symfony Mailer Lite prior to version 1.0.6, which stems from the inclusion of a cross-site request forgery vulnerability...
PT-2024-10076 · Drupal · Drupal Symfony Mailer Lite
Name of the Vulnerable Software and Affected Versions: Drupal Symfony Mailer Lite versions 0.0.0 through 1.0.6. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can be exploited by a remote attacker to perform a CSRF attack. This vulnerability affects the...