CVE-2018-11781

CWE-94 — Code Injection11 documents8 sources

Severity

7.8HIGH

EPSS

0.3%

top 51.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Spamassassin Apache Software Foundation Apache Spamassassin Canonical Ubuntu Linux +5 more

Timeline

PublishedSep 17

Latest updateMay 14

Description

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDapache/spamassassin< 3.4.2

▶CVEListV5apache_software_foundation/apache_spamassassinbefore 3.4.2

▶Debianspamassassin< 3.4.2-1+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.5

🔴Vulnerability Details

GHSA

GHSA-qvvf-537j-pvg4: Apache SpamAssassin 3↗2022-05-14

▶

OSV

spamassassin vulnerabilities↗2018-11-06

▶

OSV

CVE-2018-11781: Apache SpamAssassin 3↗2018-09-17

▶

CVEList

CVE-2018-11781: Apache SpamAssassin 3↗2018-09-17

▶

📋Vendor Advisories

Ubuntu

SpamAssassin vulnerabilities↗2018-12-05

▶

Ubuntu

SpamAssassin vulnerabilities↗2018-11-06

▶

Red Hat

spamassassin: Local user code injection in the meta rule syntax↗2018-09-17

▶

Debian

CVE-2018-11781: spamassassin - Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syn...↗2018

▶

💬Community

Bugzilla

CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax↗2018-09-17

▶

Bugzilla

CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax [fedora-all]↗2018-09-17

▶