CVE-2017-20187

Magnesium-PHP Base.php formatEmailString injection

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Link	Tags
https://vuldb.com/?id.244482	third party advisory vdb entry technical description
https://vuldb.com/?ctiid.244482	signature third party advisory permissions required
https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604	patch
https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1	patch release notes

Frequently Asked Questions

What is the severity of CVE-2017-20187?: CVE-2017-20187 has been scored as a low severity vulnerability.
How to fix CVE-2017-20187?: To fix CVE-2017-20187, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-20187 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2017-20187 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-20187?: CVE-2017-20187 affects n/a Magnesium-PHP.

Description

Category

CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

References

Frequently Asked Questions