| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary command execution |
|
| Description |
| + |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. |
|
| References |
| + |
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb |
| + |
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d |
|
| Notes |
|