Description
Haraka 2.8.8 and earlier ship with an attachment-processing plugin that handles zip files. In these versions the plugin can be vulnerable to command injection.
Remediation
References
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Related Vulnerabilities
CVE-2020-28500 Vulnerability in maven package org.webjars:lodash
CVE-2022-35917 Vulnerability in npm package @solana/pay
CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2022-43425 Vulnerability in maven package io.jenkins.plugins:custom-checkbox-parameter
CVE-2022-38750 Vulnerability in maven package org.yaml:snakeyaml