RCE with custom label titles
Package
roundcube-thunderbird_labels
(roundcube-plugin)
Affected versions
<=1.4.12
Patched versions
None
Description
Credits
-
Zerg2000 Analyst
Zerg2000
Analyst
description
Remote code execution vulnerability in
roundcube-thunderbird_labels when
tb_label_modify_labelsis enabled.workaround
If you cannot upgrade to roundcube-thunderbird_labels-1.4.13 disable the
tb_label_modify_labelsconfig option.