CVE-2020-28247
MEDIUM5.3EPSS 0.26%Argument injection in sendmail transport
發布日:2021/8/25修改日:2023/11/8
描述
Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged `to` addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation (original sendmail, postfix, exim, etc.) it could be possible in some cases to write email data into arbitrary files (using sendmail's logging features). The flaw is corrected by modifying the executed command to stop parsing arguments before passing the destination addresses. NOTE: This vulnerability only affects the `sendmail` transport. Others, including `smtp`, are not affected. This vulnerability was reported by vin01.
受影響套件(2)
- crates.io/lettre>= 0.9.0, < 0.9.5
- crates.io/lettre>= 0.7.0, < 0.7.1, >= 0.8.0, < 0.8.4, >= 0.9.0, < 0.9.5, >= 0.10.0-alpha.1, < 0.10.0-alpha.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-28247
- PATCHhttps://crates.io/crates/lettre
- PATCHhttps://github.com/lettre/lettre
- WEBhttps://github.com/lettre/lettre/pull/508/commits/bbe7cc5381c5380b54fb8bbb4f77a3725917ff0b
- WEBhttps://github.com/lettre/lettre/security/advisories/GHSA-vc2p-r46x-m3vx
- WEBhttps://github.com/RustSec/advisory-db/pull/478/files
- WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0069.html