28 lines
1.1 KiB
Plaintext
28 lines
1.1 KiB
Plaintext
Sending emails is security-sensitive and can expose an application to a large range of vulnerabilities.
|
||
|
||
|
||
*Information Exposure*
|
||
|
||
Emails often contain sensitive information which might be exposed to an attacker if he can add an arbitrary address to the recipient list.
|
||
|
||
|
||
*Spamming / Phishing*
|
||
|
||
Malicious user can abuse email based feature to send spam or phishing content.
|
||
|
||
|
||
*Dangerous Content Injection*
|
||
|
||
Emails can contain HTML and JavaScript code, thus they can be used for XSS attacks.
|
||
|
||
|
||
*Email Headers Injection*
|
||
|
||
Email fields such as ``++subject++``, ``++to++``, ``++cc++``, ``++bcc++``, ``++from++`` are set in email "headers". Using unvalidated user input to set those fields might allow attackers to inject new line characters in headers to craft malformed SMTP requests. Although modern libraries are filtering new line character by default, user data used in email "headers" should always be validated.
|
||
|
||
|
||
In the past, it has led to the following vulnerabilities:
|
||
|
||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801[CVE-2017-9801]
|
||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4803[CVE-2016-4803]
|