Headline
GHSA-gff2-p6vm-3p8g: ZendFramework potential remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport
, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024