CVE-2018-11781
published 2018-09-17CVE-2018-11781: Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | spamassassin | < 3.4.2 | 3.4.2 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.14.04.1 | 3.4.2-0ubuntu0.14.04.1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.16.04.1 | 3.4.2-0ubuntu0.16.04.1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.18.04.1 | 3.4.2-0ubuntu0.18.04.1 |
| apache_software_foundation | apache_spamassassin | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | spamassassin | < spamassassin 3.4.2-1 (bookworm) | spamassassin 3.4.2-1 (bookworm) |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH