An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-08-08
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-11-12