CVE-2020-36326

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36326
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36326.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36326
Aliases
Related
Published
2021-04-28T03:15:07Z
Modified
2024-10-12T06:36:55.761050Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.

References

Affected packages

Debian:11 / libphp-phpmailer

Package

Name
libphp-phpmailer
Purl
pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libphp-phpmailer

Package

Name
libphp-phpmailer
Purl
pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libphp-phpmailer

Package

Name
libphp-phpmailer
Purl
pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/phpmailer/phpmailer

Affected ranges

Type
GIT
Repo
https://github.com/phpmailer/phpmailer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events

Affected versions

v2.*

v2.2.1

v5.*

v5.2.0
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9

v6.*

v6.0.0
v6.0.0rc1
v6.0.0rc2
v6.0.0rc3
v6.0.0rc4
v6.0.0rc5
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7