CVE-2020-11879

Name of the Vulnerable Software and Affected Versions GNOME Evolution versions prior to 3.35.91

Description An issue was discovered where a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user. This is achieved by using the proprietary "mailto?attach=..." parameter, as demonstrated by an attach=. value.

Recommendations For versions prior to 3.35.91, update to version 3.35.91 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "mailto?attach=..." parameter in mailto links until the issue is resolved.