Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
Software | From | Fixed in |
---|---|---|
confirm / confirm | 0.50 | 0.50.x |
confirm / confirm | 0.51 | 0.51.x |
confirm / confirm | 0.52 | 0.52.x |
confirm / confirm | 0.53 | 0.53.x |
confirm / confirm | 0.54 | 0.54.x |
confirm / confirm | 0.55 | 0.55.x |
confirm / confirm | 0.60 | 0.60.x |
confirm / confirm | 0.61 | 0.61.x |
confirm / confirm | 0.62 | 0.62.x |