4 matches found
CVE-2020-28247
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs...
GHSA-VC2P-R46X-M3VX Argument injection in lettre
Impact Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation original sendmail, postfix, exim, etc. it could be possible in some cases to...
CVE-2020-28247
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs...
CVE-2020-28247
The CVE-2020-28247 entry concerns the lettre Rust crate (0.10.0-alpha and earlier) where the sendmail transport (transport/sendmail/mod.rs) is vulnerable to argument injection via forged to addresses. The flaw allows arbitrary options to be passed to the sendmail executable, which in some impleme...