swiftmailer/swiftmailer is vulnerable to arbitrary code execution. Malicious code can be passed through the extraParams variable, which is used to send extra parameters, if the From, ReturnPath or Sender header came from a non-trusted source.
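
One way an application can guard against this, as an added example (not SwiftMailer's own code or its patch): check the sender address against a strict allowlist before it is formatted into the extra parameters that PHP's `mail()` passes to the mail program as its fifth argument. The function names, the `-f` format and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added example, not SwiftMailer code. Function names are hypothetical.

/**
 * Return true only if $address may be placed in the extra parameters
 * string that mail() hands to the local mail program.
 */
function isSafeEnvelopeSender(string $address): bool
{
    // Bound the length and require a syntactically valid address first.
    if ($address === '' || strlen($address) > 254) {
        return false;
    }
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Syntax validity alone is not treated as sufficient: allow only
    // letters, digits and ". _ -" around a single "@". Whitespace, quotes
    // and every other character that could split or extend the argument
    // list are rejected.
    return preg_match('/\A[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\z/', $address) === 1;
}

/**
 * Build the extra parameters for mail(), or return null so the caller
 * sends without any sender-derived parameter at all.
 */
function buildExtraParams(?string $sender): ?string
{
    if ($sender === null || !isSafeEnvelopeSender($sender)) {
        return null;
    }
    return '-f' . $sender; // assumed format: envelope sender option
}

// Constructed sample values standing in for a From/ReturnPath/Sender header.
$samples = [
    'alice@example.com',
    'bob smith@example.com',
    'carol"x"@example.com',
];
foreach ($samples as $sender) {
    $params = buildExtraParams($sender);
    printf("%-26s => %s\n", $sender, $params ?? 'rejected, no extra params');
}
```

Failing closed (sending without the parameter, or refusing to send) is the point of the `null` return: a rejected address never reaches the command line in any form.
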
CPE | Name | Operator | Version |
---|---|---|---|
 | swiftmailer/swiftmailer | le | 5.4.4 |
github.com/swiftmailer/swiftmailer/blob/545ce9136690cea74f98f86fbb9c92dd9ab1a756/lib/classes/Swift/Transport/MailTransport.php#L253
github.com/swiftmailer/swiftmailer/blob/e34123081ded3fbb4d8ccdff9ece3a4c8f6046b5/CHANGES#L13
github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
github.com/swiftmailer/swiftmailer/pull/846