Vulnerabilities > Apache > Spamassassin > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
 9.8
9.8
2018-09-17 CVE-2018-11780 Code Injection vulnerability in multiple products
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
network
low complexity
apache pdfinfo-project debian canonical CWE-94
critical
 9.8
9.8