Severity

Medium

Analysis Summary

CVE-2020-1946

Apache SpamAssassin could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By using a specially-crafted rule configuration (.cf) file, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

Impact

Gain Access

Affected Vendors

Apache

Affected Products

Apache SpamAssassin 3.4.0

Remediation

Upgrade to the latest version of SpamAssassin (3.4.5 or later).