Description
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
Remediation
References
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Related Vulnerabilities
CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2022-23631 Vulnerability in npm package superjson
CVE-2021-25948 Vulnerability in npm package expand-hash
CVE-2020-15096 Vulnerability in npm package electron
CVE-2022-35915 Vulnerability in npm package @openzeppelin/contracts