silinternational / simplesamlphp-module-silauth

SimpleSAMLphp auth module implementing various security measures before calls to IdP ID Broker backend
MIT License

CVE-2020-13625 (High) detected in phpmailer/phpmailer-v6.1.5 #90

Closed mend-bolt-for-github[bot] closed 5 months ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-13625 - High Severity Vulnerability

Vulnerable Library - phpmailer/phpmailer-v6.1.5

PHPMailer is a full-featured email creation and transfer class for PHP

Library home page: https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a8bf068f64a580302026e484ee29511f661b2ad3

Dependency Hierarchy:
- simplesamlphp/simplesamlphp-v1.18.7 (Root Library)
  - :x: **phpmailer/phpmailer-v6.1.5** (Vulnerable Library)

Found in HEAD commit: a9a6ea56561fe388debc15645b563aba771437b4

Found in base branch: develop

Vulnerability Details

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

Publish Date: 2020-06-08

URL: CVE-2020-13625

CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-f7hx-fqxw-rvvj

Release Date: 2020-05-31

Fix Resolution: 6.1.6


devon-sil commented 5 months ago

No longer using whitesource & this is too far out of date.