CVE-2019-13917
Published: 25 July 2019
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Priority
CVSS 3 base score: 9.8
Notes
Author | Note |
---|---|
mdeslaur | remote or local code execution as root with non-default configuration |