CVE-PENDING

Name of the Vulnerable Software and Affected Versions: Mail library (affected versions not specified)

Description: The issue allows an attacker to send a long spam message via a recipient address, as there is no length limit imposed on email addresses by the Mail library. This can be a real threat in applications that deliver emails to user-specified addresses, such as inquiry forms or member signup forms. The attacker-injected message in the recipient address is processed by the server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.