GHSA-4qpj-gxxg-jqg4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4qpj-gxxg-jqg4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-4qpj-gxxg-jqg4/GHSA-4qpj-gxxg-jqg4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4qpj-gxxg-jqg4
- Published
- 2024-05-29T13:13:16Z
- Modified
- 2024-12-04T05:34:02.303434Z
- Summary
- Swiftmailer Sendmail transport arbitrary shell execution
- Details
-
Prior to 5.2.1, the sendmail transport (
Swift_Transport_SendmailTransport) was vulnerable to an arbitrary shell execution if the "From" header came from a non-trusted source and no "Return-Path" is configured. This has been fixed in 5.2.1. If you are using sendmail as a transport, you are encouraged to upgrade as soon as possible. - Database specific
{ "nvd_published_at": null, "cwe_ids": [], "github_reviewed_at": "2024-05-29T13:13:16Z", "severity": "CRITICAL", "github_reviewed": true }- References
-
- https://github.com/swiftmailer/swiftmailer/commit/b4b78af55e5e87f5ff07c06c6be7963c44562f80
- https://github.com/swiftmailer/swiftmailer/commit/efc430606a5faed864b969adfbdc5363ce2115a2
- https://github.com/FriendsOfPHP/security-advisories/blob/master/swiftmailer/swiftmailer/2014-06-13.yaml
- https://github.com/swiftmailer/swiftmailer
- https://web.archive.org/web/20150219063146/http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released
- http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released
Affected packages
Packagist / swiftmailer/swiftmailer
Package
- Name
- swiftmailer/swiftmailer
- Purl
- pkg:composer/swiftmailer/swiftmailer