Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
STARTTLS unencrypted commands injection
Vulnerability Description
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
在可信数据中接受外来的不可信数据
Vulnerability Title
aiosmptd 安全漏洞
Vulnerability Description
aiosmtpd是基于 asyncio 的 SMTP 服务器。 aiosmptd 1.4.6之前版本存在安全漏洞,该漏洞源于存在STARTTLS 未加密命令注入的问题。
CVSS Information
N/A
Vulnerability Type
N/A