The submission service in Dovecot prior to 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dovecot dovecot |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 10.0 |