8 matches found
Remote Code Execution
maildev is vulnerable to Remote Code Execution. The vulnerability is due to insufficient input validation and sanitization of crafted Content-ID header for an e-mail attachment, resulting in lib/mailserver.js writing arbitrary code into the routes.js file...
GHSA-VC6Q-CCJ9-9R89 MailDev Remote Code Execution
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
MailDev Remote Code Execution
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
CVE-2024-27448
MailDev versions 2 through 2.1.0 are vulnerable to Remote Code Execution via a crafted Content-ID header in an email attachment, causing lib/mailserver.js to write arbitrary code into routes.js. This is a network-borne vulnerability with high impact (CRITICAL CVSS 3.1), and there is public exploi...
CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
Denial Of Service (DoS)
apostrophe is vulnerable to denial of service DoS. An attacker is able to cause an application crash by attempting to get an advisory lock on a document through self.apiRoute function in routes.js...