hannob / squirrelpatches

Patches for Squirrelmail
GNU General Public License v2.0

Fix CVE-2020-14933 #3

Open nomis opened 3 years ago

nomis commented 3 years ago

Convert the data required for attachments into a simple array and then recreate the object array on decode.

The fix for CVE-2018-8741 looks incomplete because "attachments" is deserialized in two places but the filenames are only checked in one of them. This check is now made every time "attachments" is decoded.
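An added illustration of the approach the PR describes (plain scalar arrays in the stored form, filenames validated on every decode); this is not code from this repository or from SquirrelMail, the class and function names are hypothetical, and it assumes PHP 8:

```php
<?php
// Added illustration, not SquirrelMail's code: attachments are stored as
// plain scalar arrays rather than serialized objects, and the local filename
// is validated every time the list is decoded, not only in one code path.
// AttachmentInfo, encodeAttachments(), decodeAttachments() are hypothetical names.

final class AttachmentInfo {
    public function __construct(
        public string $localFilename,   // name of the file in the attachment directory
        public string $remoteFilename,  // name shown to the user
        public string $type             // MIME type
    ) {}
}

// Reduce objects to scalar arrays; the stored form never contains objects.
function encodeAttachments(array $attachments): string {
    $plain = [];
    foreach ($attachments as $a) {
        $plain[] = ['local' => $a->localFilename, 'remote' => $a->remoteFilename, 'type' => $a->type];
    }
    return json_encode($plain, JSON_THROW_ON_ERROR);
}

// A stored local name must be a single, plain path component: no separators,
// no "." or "..", and only a conservative character set.
function isSafeLocalFilename(string $name): bool {
    return $name !== '' && $name !== '.' && $name !== '..'
        && basename($name) === $name
        && preg_match('/^[A-Za-z0-9._-]+$/', $name) === 1;
}

// Decode and rebuild the objects, rejecting the whole list if any entry is bad.
// json_decode() cannot instantiate arbitrary classes, unlike unserialize().
function decodeAttachments(string $stored): array {
    $plain = json_decode($stored, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($plain)) {
        throw new InvalidArgumentException('attachment list is not an array');
    }
    $out = [];
    foreach ($plain as $entry) {
        if (!is_array($entry)
            || !isset($entry['local'], $entry['remote'], $entry['type'])
            || !is_string($entry['local']) || !is_string($entry['remote']) || !is_string($entry['type'])
            || !isSafeLocalFilename($entry['local'])) {
            throw new InvalidArgumentException('rejected attachment entry');
        }
        $out[] = new AttachmentInfo($entry['local'], $entry['remote'], $entry['type']);
    }
    return $out;
}
```

Because both call sites go through decodeAttachments(), the filename check cannot be skipped by one of the two decode paths the PR description mentions.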

hannob commented 3 years ago

I'm no longer using squirrelmail, so I can't test this. Not sure what to do about it, I guess I'll add a note to the README that this is unmaintained.