GHSA-f57v-q966-7fh6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f57v-q966-7fh6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-f57v-q966-7fh6/GHSA-f57v-q966-7fh6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f57v-q966-7fh6
- Published
- 2024-05-15T23:08:13Z
- Modified
- 2024-11-29T05:40:52.145864Z
- Summary
- Monolog Header injection in NativeMailerHandler
- Details
-
A header injection vulnerability has been identified in the NativeMailerHandler of the Monolog library. This vulnerability may allow an attacker to manipulate email headers when log messages are sent via email.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2024-05-15T23:08:13Z", "cwe_ids": [ "CWE-74" ], "severity": "LOW", "github_reviewed": true }- References
-
- https://github.com/Seldaek/monolog/issues/458
- https://github.com/Seldaek/monolog/pull/448#issuecomment-68208704
- https://github.com/Seldaek/monolog/commit/515a096c864b00b3967f7f601680f85d4a2e4001
- https://github.com/FriendsOfPHP/security-advisories/blob/master/monolog/monolog/2014-12-29-1.yaml
- https://github.com/Seldaek/monolog
Affected packages
Packagist / monolog/monolog
Package
- Name
- monolog/monolog
- Purl
- pkg:composer/monolog/monolog