Your submission was sent successfully! Close

CVE-2020-12641

Published: 4 May 2020

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
roundcube
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy Not vulnerable
(1.4.4+dfsg.1-1)
hirsute Not vulnerable
(1.4.4+dfsg.1-1)
impish Not vulnerable
(1.4.4+dfsg.1-1)
jammy Not vulnerable
(1.4.4+dfsg.1-1)
precise Does not exist

trusty Does not exist

upstream
Released (1.4.4+dfsg.1-1)
xenial Ignored
(end of standard support, was needed)