An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-08-08