Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp

High EPSS: 0.00388% (0.58766 Percentile) EPSS:
Permalink JSON

PHPMailer vulnerable to email header injection

Affected Packages Affected Versions Fixed Versions
packagist:phpmailer/phpmailer < 2.2.1 2.2.1
1,306 Dependent packages
19,318 Dependent repositories
79,187,334 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

5.2.2, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.2.20, 5.2.21, 5.2.22, 5.2.23, 5.2.24, 5.2.25, 5.2.26, 5.2.27, 5.2.28, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.7.1, 6.8.0, 6.8.1, 6.9.0, 6.9.1, 6.9.2, 6.9.3

Impact

Arbitrary additional email headers can be injected via crafted From or Sender headers.

Patches

Fixed in 2.2.1

Workarounds

Filter user-supplied values prior to using them in From or Sender properties.

References

https://nvd.nist.gov/vuln/detail/CVE-2012-0796

For more information

If you have any questions or comments about this advisory:

References:

Identifiers

GHSA-398j-f7m7-795j

CVE-2012-0796

Risk

Severity

High

EPSS

EPSS Percentage: 0.00388

EPSS Percentile: 0.58766

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PHPMailer/PHPMailer

Date and time

Published

almost 3 years ago

Updated

almost 2 years ago

API

JSON