Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
go-mail has insufficient address encoding when passing mail addresses to the SMTP client
Vulnerability Description
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user's code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1
CVSS Information
N/A
Vulnerability Type
参数注入或修改
Vulnerability Title
go-mail 参数注入漏洞
Vulnerability Description
go-mail是Winni Neessen个人开发者的一个具有邮件发送功能的Golang库。 go-mail 0.7.0及之前版本存在参数注入漏洞,该漏洞源于对mail.Address值处理不当,可能导致错误地址路由或ESMTP参数夹带。
CVSS Information
N/A
Vulnerability Type
N/A