CVE-2017-5223: Local File Disclosure
PHPMailer’s msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments.
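A pre-send check for the behaviour described above, as an added example that is not PHPMailer's code and not part of the original advisory: it lists the image references in an untrusted HTML body that would be resolved against the local filesystem, so the caller can reject the message before it reaches msgHTML. The function name find_local_image_refs, the sample HTML and the mail-assets directory are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not part of PHPMailer).

/**
 * Return every <img src> value that is not an http(s):, cid: or data: URL.
 * Those are the references an HTML-to-email transformation would treat as
 * paths relative to a base directory on the sending host.
 */
function find_local_image_refs(string $html): array
{
    if (trim($html) === '') {
        return [];                              // loadHTML() rejects empty input
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate malformed markup
    $doc->loadHTML($html, LIBXML_NONET);        // never fetch external entities
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $flagged = [];
    foreach ($doc->getElementsByTagName('img') as $img) {
        $src = trim($img->getAttribute('src'));
        if ($src === '') {
            continue;
        }
        // Anything without an explicitly allowed scheme is flagged, including
        // bare relative paths, rooted paths and scheme-relative URLs.
        if (!preg_match('#^(https?:|cid:|data:)#i', $src)) {
            $flagged[] = $src;
        }
    }
    return $flagged;
}

// Constructed sample body, standing in for HTML received from a user.
$untrusted = '<p>Hello</p>'
    . '<img src="https://example.com/logo.png">'
    . '<img src="images/banner.png">'
    . '<img src="cid:inline-logo">';

$refs = find_local_image_refs($untrusted);
if ($refs !== []) {
    // Refuse untrusted HTML that would pull files from the sending host.
    fwrite(STDERR, 'Rejected body, local image references: ' . implode(', ', $refs) . PHP_EOL);
    exit(1);
}

// For trusted templates, always pass an explicit base directory (assumed path):
// $mail->msgHTML($template, __DIR__ . '/mail-assets');
```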