In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-03-25T09:20:11
Updated: 2021-05-26T11:08:51
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1946
JSON object: View
NVD Information
Status : Modified
Published: 2021-03-25T10:15:11.727
Modified: 2023-11-07T03:19:37.797
Link: CVE-2020-1946
JSON object: View
Redhat Information
No data.
CWE