Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache SpamAssassin has an OS Command Injection vulnerability
Vulnerability Description
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Apache SpamAssassin 操作系统命令注入漏洞
Vulnerability Description
Apache SpamAssassin是美国阿帕奇(Apache)基金会的一款开源的垃圾邮件过滤器。该产品为系统管理员提供了一个过滤器,并支持对电子邮件进行分类阻止垃圾邮件。 Apache SpamAssassin before 3.4.5 存在操作系统命令注入漏洞,该漏洞允许配置恶意规则配置(.cf)文件来运行系统命令,而不会有任何输出或错误。
CVSS Information
N/A
Vulnerability Type
N/A