Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bloop Airmail for macOS 授权问题漏洞
Vulnerability Description
Bloop Airmail for macOS是意大利Bloop公司的一款基于macOS平台的电子邮件应用程序。 基于macOS平台的Bloop Airmail 3 3.5.9版本中存在安全漏洞。攻击者可借助airmail:// URL scheme中的‘send’命令利用该漏洞在不经身份验证的情况下借助活跃账户向目标地址发送任意邮件。
CVSS Information
N/A
Vulnerability Type
N/A