EPSS
Percentile
82.3%
apache spamassassin is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via nefarious rule configuration (.cf) files.
bz.apache.org/SpamAssassin/show_bug.cgi?id=7648
lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E
seclists.org/bugtraq/2020/Feb/1
usn.ubuntu.com/4265-1/
usn.ubuntu.com/4265-2/
www.debian.org/security/2020/dsa-4615