Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp
PHPMailer vulnerable to email header injection
Impact
Arbitrary additional email headers can be injected via crafted From or Sender headers.
Patches
Fixed in 2.2.1
Workarounds
Filter user-supplied values prior to using them in From or Sender properties.
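One way to apply this workaround, as an added example that is not code from PHPMailer or from this advisory: validate each user-supplied value before it is assigned to the From or Sender property. The helper names are hypothetical, the sample inputs are constructed, and the check assumes that injected headers depend on line breaks or other control characters in the value.

```php
<?php
// Added example: helper names are hypothetical, not part of PHPMailer.

/** Return the value unchanged, or throw if it could break out of a header line. */
function reject_header_breakers(string $value): string
{
    // CR, LF and other ASCII control characters (including NUL) never belong in a header value.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $value;
}

/** Validate a user-supplied address intended for the From or Sender property. */
function safe_address(string $value): string
{
    // trim() drops surrounding whitespace; anything left inside the value is checked strictly.
    $value = reject_header_breakers(trim($value));
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid email address');
    }
    return $value;
}

// Constructed sample inputs: one clean address and three that must be refused.
$samples = [
    'alice@example.org',
    "alice@example.org\r\nBcc: third-party@example.net",
    "alice@example.org\nX-Extra: 1",
    'not-an-address',
];

foreach ($samples as $raw) {
    try {
        $from = safe_address($raw);
        // Only a value that reaches this point should be assigned to From or Sender.
        echo "accepted: $from\n";
    } catch (InvalidArgumentException $e) {
        // json_encode makes embedded CR/LF visible in the log line instead of printing them raw.
        echo 'rejected (' . $e->getMessage() . '): ' . json_encode($raw) . "\n";
    }
}
```

Rejecting the value outright, rather than stripping the offending characters, keeps a tampered submission from being silently turned into a different but valid-looking address.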
References
https://nvd.nist.gov/vuln/detail/CVE-2012-0796
For more information
If you have any questions or comments about this advisory:
- Open a private issue in the PHPMailer project
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 12 months ago
Updated: 8 months ago
Identifiers: GHSA-398j-f7m7-795j, CVE-2012-0796
References:
- https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-398j-f7m7-795j
- https://nvd.nist.gov/vuln/detail/CVE-2012-0796
- https://bugzilla.redhat.com/show_bug.cgi?id=783532
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=62988bf0bbc73df655f51884aaf1f523928abff9
- http://moodle.org/mod/forum/discuss.php?d=194015
- http://www.debian.org/security/2012/dsa-2421
- https://github.com/advisories/GHSA-398j-f7m7-795j
Affected Packages
packagist:phpmailer/phpmailer
Versions: < 2.2.1
Fixed in: 2.2.1