FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube-thunderbird_labels -- RCE with custom label titles

Affected packages
roundcube-thunderbird_labels <= 1.4.12

Details

VuXML ID 127674c6-4a27-11ed-9f93-002b67dfc673
Discovery 2022-10-10
Entry 2022-10-12

The Roundcube project reports:

Description:

Remote code execution vulnerability in roundcube-thunderbird_labels when tb_label_modify_labels is enabled.

Workaround:

If you cannot upgrade to roundcube-thunderbird_labels-1.4.13 disable the tb_label_modify_labels config option.

[source]

References

URL https://github.com/mike-kfed/roundcube-thunderbird_labels/security/advisories/GHSA-wp6h-wgxq-v949

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.