Giters

Kreshnik / ninjecture

A simple module based architecture, for your Laravel projects :alien:.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2016-10074 High Severity Vulnerability detected by WhiteSource

mend-bolt-for-github opened this issue · comments

commented

CVE-2016-10074 - High Severity Vulnerability

Vulnerable Library - swiftmailer/swiftmailer-v5.4.1

Comprehensive mailing tools for PHP

path: null

Dependency Hierarchy:

  • laravel/framework-v5.1.20 (Root Library)
    • swiftmailer/swiftmailer-v5.4.1 (Vulnerable Library)

Vulnerability Details

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

Publish Date: 2016-12-30

URL: CVE-2016-10074

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here