VDB
ALPINE-CVE-2018-11781
ALPINE-CVE-2018-11781
PUBLISHED
CVSS 7.800000190734863 HIGH
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
Risk Scores
CVSS v3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | spamassassin | 3.2.5-r1, 3.4.1-r8, 3.4.1-r7 |
| Alpine:v3.17 | spamassassin | 0, 3.4.1-r8, 3.4.1-r7 |
| Alpine:v3.13 | spamassassin | 3.4.1-r8, 0, 3.3.1-r0 |
| Alpine:v3.21 | spamassassin | 3.2.5-r0, 3.4.1-r8, 3.4.1-r7 |
| Alpine:v3.20 | spamassassin | 0, 3.4.1-r8, 3.4.1-r7 |
| Alpine:v3.10 | spamassassin | 3.2.5-r0, 3.4.1-r8, 3.4.1-r7 |
| Alpine:v3.9 | spamassassin | 0, 3.2.5-r1, 3.3.0-r1 |
| Alpine:v3.22 | spamassassin | 0, 3.2.5-r0, 3.2.5-r1 |
| Alpine:v3.11 | spamassassin | 3.3.1-r4, 3.2.5-r0, 3.2.5-r1 |
| Alpine:v3.8 | spamassassin | 3.4.1-r8, 3.4.1-r7, 3.4.1-r6 |
| Alpine:v3.18 | spamassassin | 0, 3.2.5-r0, 3.3.1-r0 |
| Alpine:v3.12 | spamassassin | 3.2.5-r0, 3.3.0-r1, 3.3.1-r1 |
| Alpine:v3.16 | spamassassin | 3.4.1-r8, 0, 3.2.5-r0 |
| Alpine:v3.14 | spamassassin | 0, 3.2.5-r1, 3.3.0-r1 |
| Alpine:v3.23 | spamassassin | 3.2.5-r1, 3.2.5-r0, 3.2.5-r1 |
| Alpine:v3.19 | spamassassin | 0, 3.2.5-r0, 3.2.5-r1 |
Timeline
- Sep 17, 2018 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch