Critical severityNVD Advisory· Published Aug 8, 2021· Updated Aug 4, 2024
CVE-2021-38189
CVE-2021-38189
Description
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lettrecrates.io | >= 0.7.0, < 0.9.6 | 0.9.6 |
Affected products
2- lettre/lettredescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-qc36-q22q-cjw3ghsaADVISORY
- github.com/lettre/lettre/commit/8bfc20506cc5e098fe6eb3d1cafe3bea791215ceghsaWEB
- github.com/lettre/lettre/pull/627/commits/93458d01fed0ec81c0e7b4e98e6f35961356fae2ghsaWEB
- github.com/lettre/lettre/security/advisories/GHSA-qc36-q22q-cjw3ghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/lettre/RUSTSEC-2021-0069.mdmitrex_refsource_MISC
- rustsec.org/advisories/RUSTSEC-2021-0069.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.