How severe is CVE-2024-27938?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-27938?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2024-27938 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `<CR><LF>.<CR><LF>`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue.

Related Vulnerabilities

CVE-2018-20586

MEDIUM

CVSS:5.3(Medium)

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

CWE-1162018

CVE-2019-11717

MEDIUM

CVSS:5.3(Medium)

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulne...

CWE-1162019

CVE-2019-15944

MEDIUM

CVSS:5.3(Medium)

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.

CWE-1162019

CVE-2019-19714

MEDIUM

CVSS:5.3(Medium)

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

CWE-1162019

CVE-2019-3571

MEDIUM

CVSS:5.3(Medium)

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

CWE-1162019

CVE-2020-24592

MEDIUM

CVSS:5.3(Medium)

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

CWE-1162020