GHSA-398j-f7m7-795j

Suggest an improvement
Source
https://github.com/advisories/GHSA-398j-f7m7-795j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-398j-f7m7-795j/GHSA-398j-f7m7-795j.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-398j-f7m7-795j
Aliases
  • CVE-2012-0796
Published
2022-10-06T21:25:46Z
Modified
2023-11-01T04:44:38.983632Z
Summary
PHPMailer vulnerable to email header injection
Details

Impact

Arbitrary additional email headers can be injected via crafted From or Sender headers.

Patches

Fixed in 2.2.1

Workarounds

Filter user-supplied values prior to using them in From or Sender properties.

References

https://nvd.nist.gov/vuln/detail/CVE-2012-0796

For more information

If you have any questions or comments about this advisory: * Open a private issue in the PHPMailer project

Database specific
{
    "nvd_published_at": "2012-07-17T10:20:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-06T21:25:46Z"
}
References

Affected packages

Packagist / phpmailer/phpmailer

Package

Name
phpmailer/phpmailer
Purl
pkg:composer/phpmailer/phpmailer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.1