GHSA-398j-f7m7-795j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-398j-f7m7-795j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-398j-f7m7-795j/GHSA-398j-f7m7-795j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-398j-f7m7-795j
- Aliases
-
- CVE-2012-0796
- Published
- 2022-10-06T21:25:46Z
- Modified
- 2023-11-08T03:57:02.744137Z
- Summary
- PHPMailer vulnerable to email header injection
- Details
-
Impact
Arbitrary additional email headers can be injected via crafted From or Sender headers.
Patches
Fixed in 2.2.1
Workarounds
Filter user-supplied values prior to using them in From or Sender properties.
References
https://nvd.nist.gov/vuln/detail/CVE-2012-0796
For more information
If you have any questions or comments about this advisory: * Open a private issue in the PHPMailer project
- Database specific
{ "nvd_published_at": "2012-07-17T10:20:00Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-10-06T21:25:46Z" }- References
-
- https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-398j-f7m7-795j
- https://nvd.nist.gov/vuln/detail/CVE-2012-0796
- https://bugzilla.redhat.com/show_bug.cgi?id=783532
- https://git.moodle.org/gw?p=moodle.git&a=commit&h=62988bf0bbc73df655f51884aaf1f523928abff9
- https://github.com/PHPMailer/PHPMailer
- http://moodle.org/mod/forum/discuss.php?d=194015
- http://www.debian.org/security/2012/dsa-2421
Affected packages
Packagist / phpmailer/phpmailer
Package
- Name
- phpmailer/phpmailer
- Purl
- pkg:composer/phpmailer/phpmailer