lettre
crates.io2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting lettrepage 1 of 1
- CVE-2020-28247MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.10.0-alpha.42020-11-12
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
- CVE-2021-38189CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.10.0-rc.32021-08-08
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
Check whether lettre is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for lettre CVEs against the assets you own.
Start Free Scan →