{"id":"GHSA-rq6q-hjvh-5mwh","summary":"Flow Swift Mailer package Remote code execution","details":"A remote code execution vulnerability has recently been found in the Swift Mailer library (swiftmailer/swiftmailer). [See this advisory for details](http://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html). If you are not using the default mail() transport, this particular problem does not affect you. Upgrading is of course still recommended!","modified":"2024-12-02T05:28:57.574716Z","published":"2024-05-17T23:06:50Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2024-05-17T23:06:50Z","nvd_published_at":null,"cwe_ids":[],"severity":"CRITICAL"},"references":[{"type":"WEB","url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/neos/swiftmailer/2017-01-06.yaml"},{"type":"PACKAGE","url":"https://github.com/neos/swiftmailer"},{"type":"WEB","url":"https://www.neos.io/blog/flow-sa-2017-01.html"}],"affected":[{"package":{"name":"neos/swiftmailer","ecosystem":"Packagist","purl":"pkg:composer/neos/swiftmailer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.5"}]}],"versions":["4.1.5","5.0.3","5.2.2","5.3.1","5.4.1","5.4.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-rq6q-hjvh-5mwh/GHSA-rq6q-hjvh-5mwh.json"}}],"schema_version":"1.7.3"}