SSD Advisory – Roundcube markasjunk RCE
Summary A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code. Credit An independent security researcher, Selim Enes Karaduman, working with SSD Secure Disclosure. Affected Devices Roundcube version 1.6.1 and prior (with markasjunk plugin enabled) Technical Analysis Roundcube’s markasjunk plugin comes …
