CVE-2021-37746Open Redirect in Claws-mail

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 34.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Claws-mailSylpheed Project SylpheedFedoraproject Fedora
Timeline
PublishedJul 30
Latest updateMay 24

Description

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDclaws-mail/claws-mail< 3.18.0
Debianclaws-mail/claws-mail< 3.18.0-1+2

Also affects: Fedora 33, 34

Patches

Patch: claws-mail.orgPatch: sylpheed.sraoss.jpPatch: claws-mail.org

🔴Vulnerability Details

3
GHSA
GHSA-7cx5-4rpx-pcm3: textview_uri_security_check in textview2022-05-24
OSV
CVE-2021-37746: textview_uri_security_check in textview2021-07-30
CVEList
CVE-2021-37746: textview_uri_security_check in textview2021-07-30

📋Vendor Advisories

1
Debian
CVE-2021-37746: claws-mail - textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylph...2021
CVE-2021-37746 — Open Redirect in Claws-mail | cvebase