CVE-2019-10740

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

References

Affected packages

Git / github.com/roundcube/roundcubemail

Affected ranges

Type: GIT
Repo: https://github.com/roundcube/roundcubemail
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2348899a3fc4bcc44827d1911870a452ae6014ea

Affected versions

1.*

1.1-beta

1.1-rc

1.1.0

1.2-beta

1.2-rc

1.3-beta

1.3-rc

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

v0.*

v0.1-beta2

v1.*

v1.0-beta

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10740.json"

Git / github.com/sqlalchemy/sqlalchemy

Affected ranges

Type: GIT
Repo: https://github.com/sqlalchemy/sqlalchemy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

57e2433dcd8fc2d030d43b72009079ae175c5480

Affected versions

Other

origin

rel_0_1_0

rel_0_1_1

rel_0_1_2

rel_0_1_3

rel_0_1_4

rel_0_1_5

rel_0_1_6

rel_0_1_7

rel_0_2_0

rel_0_2_1

rel_0_2_2

rel_0_2_3

rel_0_2_4

rel_0_2_5

rel_0_2_6

rel_0_2_7

rel_0_2_8

rel_0_3_0

rel_0_3_1

rel_0_3_10

rel_0_3_2

rel_0_3_3

rel_0_3_4

rel_0_3_5

rel_0_3_6

rel_0_3_7

rel_0_3_8

rel_0_3_9

rel_0_4_0

rel_0_4_1

rel_0_4_2

rel_0_4_2a

rel_0_4_2b

rel_0_4_2p3

rel_0_4_3

rel_0_4_4

rel_0_4_5

rel_0_4beta1

rel_0_4beta2

rel_0_4beta3

rel_0_4beta4

rel_0_4beta6

rel_0_5_0

rel_0_5_1

rel_0_5_2

rel_0_5_3

rel_0_5_4

rel_0_5_4p1

rel_0_5_4p2

rel_0_5_5

rel_0_5beta1

rel_0_5beta2

rel_0_5beta3

rel_0_5rc1

rel_0_5rc2

rel_0_5rc3

rel_0_5rc4

rel_0_6_0

rel_0_6_1

rel_0_6_2

rel_0_6_3

rel_0_6_4

rel_0_6_5

rel_0_6beta1

rel_0_6beta2

rel_0_6beta3

rel_0_7_0

rel_0_7_1

rel_0_7_2

rel_0_7_3

rel_0_7_4

rel_0_7_5

rel_0_7_6

rel_0_7b1

rel_0_7b2

rel_0_7b3

rel_0_7b4

rel_0_8_0

rel_0_8_0b1

rel_0_8_0b2

rel_0_8_1

rel_0_9_0

rel_0_9_0b1

rel_0_9_1

rel_0_9_2

rel_0_9_3

rel_0_9_4

rel_1_0_0

rel_1_0_0_b3

rel_1_0_0b1

rel_1_0_0b2

rel_1_0_0b4

rel_1_0_0b5

rel_1_0_1

rel_1_0_2

rel_1_0_3

rel_1_0_4

rel_1_0_5

rel_1_0_6

rel_1_0_7

rel_1_0_8

rel_1_1_0

rel_1_1_0b2

rel_1_1_0b3

rel_1_1_1

rel_1_1_2

rel_1_1_3

rel_1_1_4

rel_1_1_5

rel_1_1_6

rel_1_2_0

rel_1_2_0b1

rel_1_2_0b2

rel_1_2_1

rel_1_2_2

rel_1_2_3

rel_1_2_4

rel_1_3_0

rel_1_3_0b1

rel_1_3_0b2

rel_1_3_0b3

rel_1_3_1

rel_1_3_2

rel_1_3_3

rel_1_3_4

rel_1_3_5

rel_1_3_6

rel_1_3_7

rel_1_3_8

rel_1_3_9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10740.json"