Unrated severityNVD Advisory· Published Apr 17, 2020· Updated Aug 4, 2024
CVE-2020-11879
CVE-2020-11879
Description
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- GNOME/Evolutiondescription
- Range: <3.35.91
- osv-coords2 versionspkg:rpm/suse/evolution&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/evolution&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 3.22.6-19.14.1+ 1 more
- (no CPE)range: < 3.22.6-19.14.1
- (no CPE)range: < 3.22.6-19.14.1
Patches
Vulnerability mechanics
References
3- gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWSmitrex_refsource_MISC
- gitlab.gnome.org/GNOME/evolution/issues/784mitrex_refsource_MISC
- www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.