CVE-2016-1000282
Published 2019-02-05
Priority P262 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 13.38% (95.9th percentile)
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| haraka_project | haraka | <= 2.8.8 | — |
| haraka_project | haraka | >= 0 < 2.8.9 | 2.8.9 |
CVSS provenance
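| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |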
GHSA
Critical severity vulnerability that affects Haraka
ghsa·2019-02-12
CVE-2016-1000282 [CRITICAL] CWE-77 Critical severity vulnerability that affects Haraka
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
OSV
Critical severity vulnerability that affects Haraka
osv·2019-02-12
CVE-2016-1000282 [CRITICAL] Critical severity vulnerability that affects Haraka
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-02-05