0.003 Low
EPSS
Percentile
65.3%
neomutt does not perform secure validation. The newsrc.c does not properly restrict '/ characters, which could result in unsafe interaction with cache pathnames.
newsrc.c
/
github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
lists.debian.org/debian-lts-announce/2018/08/msg00001.html
neomutt.org/2018/07/16/release
security-tracker.debian.org/tracker/CVE-2018-14363
www.debian.org/security/2018/dsa-4277