{"id":"CVE-2021-38084","details":"An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.","modified":"2026-04-10T04:36:37.687890Z","published":"2021-08-03T22:15:09.310Z","references":[{"type":"ADVISORY","url":"https://sourceforge.net/p/courier/mailman/message/37329216/"},{"type":"ADVISORY","url":"https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/svarshavchik/courier","events":[{"introduced":"0"},{"fixed":"368f9fb227b46406643b9425db604a0594f71dfe"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.5"}]}}],"versions":["cone/0.91.1/20141214081718","cone/0.91/20141213104043","cone/0.92/20150427080758","cone/0.94/20160814095508","cone/0.95/20170305145100","cone/0.96.1/20170819100006","cone/0.96.2/20171203115147","cone/0.96/20170702105408","cone/1.0/20180917224334","cone/1.1/20201026193655","cone/1.2/20210319214458","courier-analog/0.17/20160602194412","courier-analog/0.17/20160602194523","courier-analog/0.17/20160602194744","courier-analog/0.19/20210319214401","courier-authlib/0.66.0/20130928223315","courier-authlib/0.66.1/20131111193749","courier-authlib/0.66.2/20150427083605","courier-authlib/0.66.3/20150628230025","courier-authlib/0.66.4/20151115120442","courier-authlib/0.67.0/20170128131141","courier-authlib/0.68.0/20170702104809","courier-authlib/0.69.0/20180917223454","courier-authlib/0.69.1/20190724201053","courier-authlib/0.70.0/20200419164631","courier-authlib/0.71.0/20200618210228","courier-authlib/0.71.1/20210209205029","courier-authlib/0.71.2/20210319214948","courier-authlib/0.71.3/20210412205815","courier-imap/4.14/20130928195544","courier-imap/4.15.1/20140901094658","courier-imap/4.15/20131128184113","courier-imap/4.16.0/20141213101457","courier-imap/4.16.1/20150427082912","courier-imap/4.16.2/20150628230425","courier-imap/4.17.0/20160426065621","courier-imap/4.17.1/20160508091211","courier-imap/4.17.2/20160814095842","courier-imap/4.17.2/20160814101108","courier-imap/4.17.3/20170117204906","courier-imap/4.18.0/20170702105051","courier-imap/4.18.1/20170819100155","courier-imap/4.18.2/20171004193929","courier-imap/5.0.0/20180917223909","courier-imap/5.0.1/20181013160554","courier-imap/5.0.10/20200420082513","courier-imap/5.0.11/20200618210620","courier-imap/5.0.12/20210209210152","courier-imap/5.0.2/20181027111145","courier-imap/5.0.2/20181027111303","courier-imap/5.0.3/20181117093458","courier-imap/5.0.4/20181128192207","courier-imap/5.0.5/20181217190442","courier-imap/5.0.6/20190130192542","courier-imap/5.0.7/20190330184405","courier-imap/5.0.8/20190831135704","courier-imap/5.0.9/20200419173038","courier-imap/5.1.0/20210319215058","courier-imap/5.1.1/20210320170246","courier-imap/5.1.2/20210326200013","courier-imap/5.1.3/20210424125018","courier-sox/0.12/20131006094016","courier-sox/0.13/20200616202004","courier-sox/0.14/20200618215757","courier-sox/0.15/20210209215744","courier/0.72/20130928195848","courier/0.73.1/20131223194809","courier/0.73.2/20140901093012","courier/0.73/20131128185623","courier/0.74.0/20141213101233","courier/0.74.1/20141214080824","courier/0.74.2/20150427082224","courier/0.74.2/20150427082630","courier/0.75.0/20150628230151","courier/0.76.0/20160426065735","courier/0.76.1/20160508090929","courier/0.76.2/20160814095637","courier/0.76.2/20160814100959","courier/0.76.3/20160917211918","courier/0.76.4/20170117203707","courier/0.77.0/20170702104900","courier/0.78.0/20170819100405","courier/0.78.1/20171004193712","courier/0.78.2/20171203115636","courier/1.0.1/20181013160807","courier/1.0.10/20200419171855","courier/1.0.11/20200420073456","courier/1.0.12/20200420082639","courier/1.0.13/20200424072124","courier/1.0.14/20200618210330","courier/1.0.15/20210209205145","courier/1.0.2/20181027103012","courier/1.0.3/20181117093143","courier/1.0.4/20181128192349","courier/1.0.5/20181217190604","courier/1.0.6/20190130192956","courier/1.0.7/20190330184047","courier/1.0.7/20190608085611","courier/1.0.8/20190608090758","courier/1.0.9/20190831140324","courier/1.0/20180917223614","courier/1.1.0/20210319215318","courier/1.1.1/20210320170424","courier/1.1.2/20210326200147","courier/1.1.3/20210424125125","courier/1.1.4/20210518212001","maildrop/2.7.0/20130928195403","maildrop/2.7.1/20131128184356","maildrop/2.7.2/20140901092804","maildrop/2.8.0/20141213101719","maildrop/2.8.1/20141214081550","maildrop/2.8.2/20150427083304","maildrop/2.8.3/20150628231513","maildrop/2.8.4/20160814100858","maildrop/2.8.5/20170117205233","maildrop/2.9.0/20170702105314","maildrop/2.9.1/20170819100311","maildrop/2.9.1/20171004194531","maildrop/2.9.1/20171005071202","maildrop/2.9.2/20171005081210","maildrop/2.9.3/20171203115314","maildrop/3.0.0/20180917224237","maildrop/3.0.1/20200618220426","maildrop/3.0.2/20210209215800","maildrop/3.0.3/20210319214705","sqwebmail/5.7.0/20130928195718","sqwebmail/5.7.1/20131128184237","sqwebmail/5.7.2/20131223195015","sqwebmail/5.7.3/20140901092902","sqwebmail/5.8.0/20141213101603","sqwebmail/5.8.1/20141214081101","sqwebmail/5.8.2/20150427083025","sqwebmail/5.8.3/20150628231305","sqwebmail/5.8.4/20170117205036","sqwebmail/5.9.0/20170702105209","sqwebmail/5.9.1/20171004194032","sqwebmail/5.9.2/20171203115438","sqwebmail/6.0.0/20180917224034","sqwebmail/6.0.1/20190330184554","sqwebmail/6.0.1/20190608084158","sqwebmail/6.0.2/20190608084438","sqwebmail/6.0.3/20190831135524","sqwebmail/6.0.5/20210209210407","sqwebmail/6.0.6/20210319214818","sysconftool/0.17/20130825180226","sysconftool/0.17/20130825182318","sysconftool/0.18/20210319214332"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38084.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}