References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Mailpit is an email testing tool and API for developers. Prior to version 1.28. Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-93

CWE-150

https://github.com/axllent/mailpit/commit/36cc06c125954dec6673219dafa084e13cc14534

https://github.com/axllent/mailpit/releases/tag/v1.28.3

https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c