Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
References
Configurations
No configuration.
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f - | |
References | () https://github.com/roundcube/roundcubemail/releases/tag/1.5.7 - | |
References | () https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 - |
01 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-77 |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 04:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37385
Mitre link : CVE-2024-37385
CVE.ORG link : CVE-2024-37385
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')