CVE-2021-37746

Published: Jul 30, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

Affected (4)

Products: Claws Mail: Claws Mail · Sylpheed Project: Sylpheed · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Claws Mail Claws Mail	Before 3.18.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Sylpheed Project Sylpheed	Up to 3.7.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (10)

https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz

Source: cve@mitre.org

PatchVendor Advisory

https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6/

Source: cve@mitre.org

https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz

Source: cve@mitre.org

PatchThird Party Advisory

https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz