A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
References
Configurations
History
No history.
Information
Published : 2019-06-05 14:29
Updated : 2022-11-07 19:12
NVD link : CVE-2019-10149
Mitre link : CVE-2019-10149
CVE.ORG link : CVE-2019-10149
JSON object : View
Products Affected
exim
- exim
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')