Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the CSS sanitization process for HTML email messages. An attacker can inject malicious CSS by crafting specially formatted HTML emails that exploit the lack of proper sanitization,...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the processing of HTML email content when handling the background attribute of the BODY element. An attacker can cause information disclosure or bypass access controls by sending a speciall...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized arguments in the SEARCH process. An attacker can manipulate IMAP commands or bypass cross-site request forgery protections by supplying crafted input to the mail search functionality...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can obtain sensitive information or bypass access controls by embedding specially crafted SVG content with animate attributes in an email...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of HTML e-mail messages due to insufficient sanitization of CSS. An attacker can access sensitive information or interact with internal network resources by embedding malicious styleshe...