Lucene search
K

8 matches found

Veracode
Veracode
added 2024/04/08 10:52 a.m.17 views

Remote Code Execution

maildev is vulnerable to Remote Code Execution. The vulnerability is due to insufficient input validation and sanitization of crafted Content-ID header for an e-mail attachment, resulting in lib/mailserver.js writing arbitrary code into the routes.js file...

9.1CVSS7.7AI score0.00904EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2024/04/05 6:30 a.m.35 views

GHSA-VC6Q-CCJ9-9R89 MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

9.8CVSS9.3AI score0.00904EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2024/04/05 6:30 a.m.20 views

MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

9.1CVSS8.1AI score0.00904EPSS
Exploits2References7Affected Software1
NVD
NVD
added 2024/04/05 6:15 a.m.11 views

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

9.1CVSS7.4AI score0.00904EPSS
Exploits2References5
OSV
OSV
added 2024/04/05 12:0 a.m.19 views

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

9.1CVSS8.1AI score0.00904EPSS
Exploits2References7
CVE
CVE
added 2024/04/05 12:0 a.m.91 views

CVE-2024-27448

MailDev versions 2 through 2.1.0 are vulnerable to Remote Code Execution via a crafted Content-ID header in an email attachment, causing lib/mailserver.js to write arbitrary code into routes.js. This is a network-borne vulnerability with high impact (CRITICAL CVSS 3.1), and there is public exploi...

9.1CVSS7.6AI score0.00904EPSS
Exploits2References5
Cvelist
Cvelist
added 2024/04/05 12:0 a.m.25 views

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

7.7AI score0.00904EPSS
Exploits2References5
Veracode
Veracode
added 2020/07/13 3:18 a.m.9 views

Denial Of Service (DoS)

apostrophe is vulnerable to denial of service DoS. An attacker is able to cause an application crash by attempting to get an advisory lock on a document through self.apiRoute function in routes.js...

2.7AI score
Exploits0
Rows per page
Query Builder