Exim · Sa-Exim · CVE-2019-19920
**Name of the Vulnerable Software and Affected Versions**
sa-exim version 4.2.1
**Description**
The issue allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on `eval` rather than direct parsing and/or use of the taint feature.
**Recommendations**
For sa-exim version 4.2.1, consider disabling the use of `eval` in Greylisting.pm or restrict access to writing .cf files and rules until a patch is available.