Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3

Monolog Header injection in NativeMailerHandler

A header injection vulnerability has been identified in the NativeMailerHandler of the Monolog library. This vulnerability may allow an attacker to manipulate email headers when log messages are sent via email.

Permalink: https://github.com/advisories/GHSA-f57v-q966-7fh6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 6 months ago
Updated: 6 months ago

Identifiers: GHSA-f57v-q966-7fh6
References: Repository: https://github.com/Seldaek/monolog
Blast Radius: 0.0

Affected Packages

packagist:monolog/monolog
Dependent packages: 6,809
Dependent repositories: 557,184
Downloads: 736,165,766 total
Affected Version Ranges: >= 1.8.0, < 1.12.0
Fixed in: 1.12.0
All affected versions: 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.11.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.12.0, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.17.1, 1.17.2, 1.18.0, 1.18.1, 1.18.2, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.22.1, 1.23.0, 1.24.0, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.26.0, 1.26.1, 1.27.0, 1.27.1, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.4.0, 3.5.0, 3.6.0, 3.7.0