CVE-2015-9097: SMTP Injection via to/from addresses
The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to RCPT TO and MAIL FROM.
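The missing check, shown as an added example (this is not code from the mail package or from this advisory): it builds an envelope command with and without validation and counts how many command lines reach the server. All method names and the sample address are constructed for illustration, and the check rejects every ASCII control character, a superset of CR and LF.

```ruby
# Added example. Method names are hypothetical, not part of the mail gem's API.

class UnsafeEnvelopeAddress < ArgumentError; end

# Constructed sample: an address carrying CRLF followed by a placeholder line.
CRAFTED = "alice@example.com>\r\nINJECTED-COMMAND"

# Unvalidated construction: the address is copied onto the wire as-is.
def naive_command(verb, address)
  "#{verb}:<#{address}>\r\n"
end

# Count the command lines an SMTP server would parse out of a wire string.
def command_lines(wire)
  wire.split(/\r\n|\r|\n/).reject(&:empty?).length
end

# Reject CR, LF and any other ASCII control byte before the address is used.
# Byte-wise scan so that invalid encodings cannot bypass or crash the check.
def checked_address(address)
  addr = address.to_s
  if addr.bytes.any? { |b| b < 0x20 || b == 0x7f }
    raise UnsafeEnvelopeAddress,
          "control character in envelope address: #{addr.inspect}"
  end
  addr
end

# Validated construction for MAIL FROM / RCPT TO.
def safe_command(verb, address)
  "#{verb}:<#{checked_address(address)}>\r\n"
end

if __FILE__ == $PROGRAM_NAME
  ["bob@example.org", CRAFTED].each do |addr|
    lines = command_lines(naive_command("RCPT TO", addr))
    verdict = begin
      safe_command("RCPT TO", addr)
      "accepted"
    rescue UnsafeEnvelopeAddress => e
      "rejected (#{e.message})"
    end
    puts "#{addr.inspect}: naive sends #{lines} line(s); checked: #{verdict}"
  end
end
```

Apply the same check to every value that ends up in MAIL FROM or RCPT TO, including addresses taken from parsed headers or user-supplied forms.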
Detect and mitigate CVE-2015-9097 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.