In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-12-12T22:11:05
Updated: 2020-04-04T20:06:03
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11805
JSON object: View
NVD Information
Status : Modified
Published: 2019-12-12T23:15:11.947
Modified: 2023-11-07T02:51:48.520
Link: CVE-2018-11805
JSON object: View
Redhat Information
No data.
CWE