PT-2016-4569 · Swift · Swiftmailer

Dawid Golunski +1 · Published 2016-12-30 · Updated 2022-05-17 · CVE-2016-10074

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Swift Mailer versions prior to 5.4.5

Description: The issue allows remote attackers to potentially execute arbitrary code by passing extra parameters to the mail command. This can be achieved by including a \" (backslash double quote) sequence in a crafted e-mail address within the From, ReturnPath, or Sender header.

Recommendations: For versions prior to 5.4.5, update to version 5.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of special characters in e-mail addresses within the From, ReturnPath, or Sender headers until a patch is applied.
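As an added illustration of the temporary workaround above (example code written for this page, not Swift Mailer's own; the function name isSafeSenderAddress and the `$_POST['email']` input are constructed), this PHP snippet rejects a sender address containing a backslash or double quote before it is used in the From, Sender, or Return-Path headers of a Swift 5.x message:

```php
<?php
// Added example, not Swift Mailer project code.
// Pre-flight check for untrusted sender addresses on Swift Mailer < 5.4.5:
// the advisory's workaround is to keep the characters that enable the
// extra mail-command parameters (backslash and double quote) out of the
// From, Sender and Return-Path headers. Upgrading to 5.4.5+ is the real fix.

function isSafeSenderAddress($address)
{
    if (!is_string($address)) {
        return false;
    }
    // Reject any backslash or double quote outright, even though RFC 5321
    // would allow them inside a quoted local part.
    if (strpbrk($address, '\\"') !== false) {
        return false;
    }
    // Require a syntactically valid address as well (single @, no spaces).
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed untrusted input, e.g. from a contact form.
$from = isset($_POST['email']) ? $_POST['email'] : '';

if (!isSafeSenderAddress($from)) {
    // Log and stop; do not fall through to sending with a partial address.
    error_log('Rejected sender address with disallowed characters');
    http_response_code(400);
    exit;
}

// Swift 5.x API: only addresses that passed the check reach the headers
// that the advisory names.
$message = Swift_Message::newInstance('Contact form');
$message->setFrom($from);
$message->setSender($from);
$message->setReturnPath($from);
$message->setTo(array('support@example.com'));
$message->setBody('Constructed message body');
```

The check is intentionally stricter than RFC 5321, since the goal is to block the two characters the advisory identifies rather than to accept every legal address; apply it to every value that ends up in From, Sender, or Return-Path, and remove it only after upgrading to 5.4.5 or later.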

Exploit

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2016-10074
DLA-792-1
DSA-3769-1
GHSA-PR44-4JFR-286M

Affected Products

Swiftmailer