CVE-2015-8476: Multiple CRLF injection vulnerabilities

December 16, 2015 (updated December 5, 2016)

Multiple CRLF injection vulnerabilities allow attackers to inject arbitrary SMTP commands via CRLF sequences in an email address to the validateAddress function in class.phpmailer.php or SMTP command to the sendCommand function in class.smtp.php.

References

www.cvedetails.com/cve/CVE-2015-8476/
github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14

Code Behaviors & Features

Detect and mitigate CVE-2015-8476 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →