CVE-2020-1946 - log

CVE-2020-1946 edited at 27 Mar 2021 11:59:39
References
https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C241c47dc-467f-c622-c8ab-e06df159b475%40apache.org%3E
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793
+ https://svn.apache.org/viewvc?view=revision&revision=1876381
CVE-2020-1946 edited at 24 Mar 2021 18:12:44
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SpamAssassin version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
References
+ https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C241c47dc-467f-c622-c8ab-e06df159b475%40apache.org%3E
+ https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793
Notes
CVE-2020-1946 created at 24 Mar 2021 18:06:53