Filtered by vendor Lettre Subscriptions
Filtered by product Lettre Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-28247 1 Lettre 1 Lettre 2024-08-04 5.3 Medium
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
CVE-2021-38189 1 Lettre 1 Lettre 2024-08-04 9.8 Critical
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.