Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-24838
HistoryApr 11, 2022 - 9:15 p.m.

Command injection

2022-04-1121:15:00
PRIOn knowledge base
www.prio-n.com
1

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:<BOOKING USER'S EMAIL> SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workaround available.

CPENameOperatorVersion
calendarlt3.2.2

Related

nessus 1
osv 1
freebsd 1
cve 1
nvd 1
nextcloud 1
cvelist 1
nessus
nessus
FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)
2022-04-17 00:00:00
osv
osv
CVE-2022-24838
2022-04-11 21:15:08
freebsd
freebsd
Nextcloud Calendar -- SMTP Command Injection
2022-04-11 00:00:00
cve
cve
CVE-2022-24838
2022-04-11 21:15:08
nvd
nvd
CVE-2022-24838
2022-04-11 21:15:08
nextcloud
nextcloud
Command Injection in Appointment Emails for Calendar
2022-04-11 13:51:55
cvelist
cvelist
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar
2022-04-11 20:25:13

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON
Related for PRION:CVE-2022-24838
nessus1osv1freebsd1cve1nvd1nextcloud1cvelist1