crates.io package
lettre
pkg:cargo/lettre
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38189 | — | >= 0.7.0, < 0.9.6 | 0.9.6 | Aug 8, 2021 | An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands. | ||
| CVE-2020-28247 | — | >= 0.9.0, < 0.9.5 | 0.9.5 | Nov 12, 2020 | The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. |
- CVE-2021-38189Aug 8, 2021affected >= 0.7.0, < 0.9.6fixed 0.9.6
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands.
- CVE-2020-28247Nov 12, 2020affected >= 0.9.0, < 0.9.5fixed 0.9.5
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.