diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,38 @@ + + fail2ban -- possible RCE vulnerability in mailing action using mailutils + + + py36-fail2ban + py37-fail2ban + py38-fail2ban + py39-fail2ban + py310-fail2ban + 0.11.2_3 + + + + + Jakub Żoczek reports: + + + Command mail from mailutils package used in mail actions + like mail-whois can execute command if unescaped sequences + (\n~) are available in "foreign" input (for instance in + whois output). + + + + + + CVE-2021-32749 + https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm + + + 2021-07-16 + 2021-10-28 + + + Grafana -- Snapshot authentication bypass
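Review bot: In the affected-package list, the version 0.11.2_3 is a port revision of 0.11.2 rather than an upstream release, and the references give only CVE-2021-32749 and the GHSA-m985-3f3v-cwmm advisory, so nothing in the entry ties that revision to the fix. Please confirm that _3 is the revision in which the port picked up the escaping fix for the mail actions, and say so in the commit message. The same list enumerates py36-fail2ban through py310-fail2ban by hand, so a fail2ban package built for any other Python flavor would not be matched; check that the five names cover every flavor the port currently builds.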