CVE-2021-3603

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3603

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3603.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3603

Aliases

Related

Published

2021-06-17T12:15:08Z

Modified

2024-09-11T04:47:48.350268Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.

References

Affected packages

Debian:11 / libphp-phpmailer

Package

Name: libphp-phpmailer
Purl: pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.0-2

6.6.3-1

6.8.1-1

6.9.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libphp-phpmailer

Package

Name: libphp-phpmailer
Purl: pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libphp-phpmailer

Package

Name: libphp-phpmailer
Purl: pkg:deb/debian/libphp-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/phpmailer/phpmailer

Affected ranges

Type: GIT
Repo: https://github.com/phpmailer/phpmailer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3

Affected versions

v2.*

v2.2.1

v5.*

v5.2.0

v5.2.1

v5.2.10

v5.2.11

v5.2.12

v5.2.13

v5.2.14

v5.2.15

v5.2.16

v5.2.17

v5.2.18

v5.2.19

v5.2.2

v5.2.20

v5.2.21

v5.2.22

v5.2.23

v5.2.24

v5.2.25

v5.2.4

v5.2.5

v5.2.6

v5.2.7

v5.2.8

v5.2.9

v6.*

v6.0.0

v6.0.0rc1

v6.0.0rc2

v6.0.0rc3

v6.0.0rc4

v6.0.0rc5

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.2.0

v6.3.0

v6.4.0

v6.4.1