CVE-2021-32749 log

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
In fail2bain up to version 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action "mail-whois". The "mail" command from the mailutils package used in mail actions like "mail-whois" can execute arbitrary commands if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a man-in-the-middle (MITM) attack or by taking over a whois server.
Group Package Affected Fixed Severity Status Ticket
AVG-2169 fail2ban 0.11.2-1 High Vulnerable FS#71524
References
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844
Notes
Workaround
==========

The way for users to fix or remediate the vulnerability without upgrading would be to avoid the usage of action mail-whois or to patch it manually.