An issue exists in the lettre crate prior to 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lettre lettre |
||
lettre lettre 0.10.0 |