Closed mend-bolt-for-github[bot] closed 5 months ago
No longer using whitesource & this is too far out of date.
CVE-2020-13625 - High Severity Vulnerability
Vulnerable Library - phpmailer/phpmailer-v6.1.5
PHPMailer is a full-featured email creation and transfer class for PHP
Library home page: https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a8bf068f64a580302026e484ee29511f661b2ad3
Dependency Hierarchy:
- simplesamlphp/simplesamlphp-v1.18.7 (Root Library)
  - :x: **phpmailer/phpmailer-v6.1.5** (Vulnerable Library)
Found in HEAD commit: a9a6ea56561fe388debc15645b563aba771437b4
Found in base branch: develop
Vulnerability Details
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
Publish Date: 2020-06-08
URL: CVE-2020-13625
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
Release Date: 2020-05-31
Fix Resolution: 6.1.6