---

CVE-2019-13917 - log back

CVE-2019-13917 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
References	+ https://seclists.org/oss-sec/2019/q3/63 + https://lists.exim.org/lurker/message/20190725.090419.d506f736.en.html
Notes