CVE-2016-1000282

CRITICAL9.8EPSS 68.3%

Critical severity vulnerability that affects Haraka

Published: 2/12/2019Modified: 11/8/2023

Description

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

Affected packages (1)

npm/Harakafrom 0, < 2.8.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://github.com/advisories/GHSA-w5m8-5v9m-xhx5
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000282
WEBhttps://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py