CVE-2016-1000282

CRITICAL9.8EPSS 68.3%

Critical severity vulnerability that affects Haraka

發布日:2019/2/12修改日:2023/11/8

描述

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

受影響套件(1)

npm/Harakafrom 0, < 2.8.9

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://github.com/advisories/GHSA-w5m8-5v9m-xhx5
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000282
WEBhttps://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py