Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp

PHPMailer vulnerable to email header injection

Impact

Arbitrary additional email headers can be injected via crafted From or Sender headers.

Patches

Fixed in 2.2.1

Workarounds

Filter user-supplied values prior to using them in From or Sender properties.
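
The workaround above, sketched in PHP as an added example (not code from PHPMailer or from the advisory); the helper name safeHeaderAddress and the sample inputs are assumptions made for illustration. It rejects any value containing control characters, CR and LF included, before the value is assigned to the From or Sender property.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PHPMailer): return an address that is safe
 * to assign to From or Sender, or throw if it could alter the header block.
 */
function safeHeaderAddress(string $value): string
{
    // Reject rather than strip: CR, LF, NUL and other control bytes are never
    // valid in an address, and their presence means the input is not trustworthy.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException('control character in address');
    }
    $value = trim($value); // only surrounding spaces can remain at this point
    // Syntax check runs second, so it only ever sees single-line input.
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid email address');
    }
    return $value;
}

// Constructed sample inputs, as they might arrive from a contact form.
$samples = [
    'alice@example.com',
    "alice@example.com\r\nX-Constructed: 1",
    "alice@example.com\n",
    'not-an-address',
];

foreach ($samples as $input) {
    try {
        $from = safeHeaderAddress($input);
        // Only a validated value reaches the mailer object,
        // e.g. $mail->From = $from; $mail->Sender = $from;
        printf("accept %s\n", $from);
    } catch (InvalidArgumentException $e) {
        // json_encode makes the CR/LF bytes visible in the log line.
        printf("reject %s (%s)\n", json_encode($input), $e->getMessage());
    }
}
```

Filtering of this kind is the workaround only; the fix listed on this page is version 2.2.1.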

References

https://nvd.nist.gov/vuln/detail/CVE-2012-0796

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-398j-f7m7-795j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 12 months ago
Updated: 8 months ago


Identifiers: GHSA-398j-f7m7-795j, CVE-2012-0796

Affected Packages

packagist:phpmailer/phpmailer
Versions: < 2.2.1
Fixed in: 2.2.1