CVE-2018-11781

7.8HIGH

Key Information:

Vendor: Apache
Status: Apache Spamassassin
Vendor: CVE Published:; 17 September 2018

Summary

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Affected Version(s)

Apache SpamAssassin before 3.4.2

References

https://usn.ubuntu.com/3811-3/

vendor-advisoryx_refsource_UBUNTU

https://usn.ubuntu.com/3811-1/

vendor-advisoryx_refsource_UBUNTU

https://security.gentoo.org/glsa/201812-07

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2018
Vulnerability Reserved
Jun 5, 2018

.