Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bloop Airmail for macOS 安全漏洞
Vulnerability Description
Bloop Airmail for macOS是意大利Bloop公司的一款基于macOS平台的电子邮件应用程序。 基于macOS平台的Bloop Airmail 3 3.5.9版本中存在安全漏洞。攻击者可借助airmail:// URL scheme中的‘send’命令利用该漏洞使用目标账户向目标地址发送任意邮件。
CVSS Information
N/A
Vulnerability Type
N/A