[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-11805":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":72,"related":73,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":221,"epss":222,"epss_history":225,"metrics":493,"affected":504},"CVE-2018-11805","In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":45},"ALPINE-CVE-2018-11805",{"_key":47},"RHSA-2020:4625",{"_key":49},"SUSE-SU-2020:0810-1",{"_key":51},"SUSE-SU-2020:0811-1",{"_key":53},"SUSE-SU-2020:0813-1",{"_key":55},"UBUNTU-CVE-2018-11805",{"_key":57},"USN-4237-1",{"_key":59},"USN-4237-2",{"_key":61},"OPENSUSE-SU-2020:0446-1",{"_key":63},"OPENSUSE-SU-2024:11395-1",{"_key":65},"DLA-2037-1",{"_key":67},"DSA-4584-1",{"_key":69},"MGASA-2019-0406",{"_key":71},"DEBIAN-CVE-2018-11805",[],[74,75,76,77,78,79],{"_key":49},{"_key":51},{"_key":53},{"_key":61},{"_key":63},{"_key":69},"2019-12-12T22:11:05.000Z","2024-08-05T08:17:09.279Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.0007,"high",7.2,"v2.0","nvd","AV:L/AC:L/Au:N/C:C/I:C/A:C",[93,100,104,108,113,117,122,128,133,138,143,147,151,155,159,164,168,172,176,180,184,188,192,196,200,204,208,212,216],{"url":94,"sources":95,"tags":97},"https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E",[96,90],"cve.org",[98,99],"Mailing List","X Refsource MLIST",{"url":101,"sources":102,"tags":103},"https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E",[96,90],[98,99],{"url":105,"sources":106,"tags":107},"https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E",[96,90],[98,99],{"url":109,"sources":110,"tags":111},"http://www.openwall.com/lists/oss-security/2019/12/12/1",[96,90],[98,99,112],"Third Party Advisory",{"url":114,"sources":115,"tags":116},"https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E",[96,90],[98,99],{"url":118,"sources":119,"tags":120},"https://seclists.org/oss-sec/2019/q4/154",[96,90],[121,98,112],"X Refsource MISC",{"url":123,"sources":124,"tags":125},"https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",[96,90],[126,98,127],"X Refsource CONFIRM","Vendor Advisory",{"url":129,"sources":130,"tags":131},"https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647",[96,90],[126,132],"Permissions Required",{"url":134,"sources":135,"tags":136},"https://www.debian.org/security/2019/dsa-4584",[96,90],[127,137,112],"X Refsource DEBIAN",{"url":139,"sources":140,"tags":141},"https://seclists.org/bugtraq/2019/Dec/27",[96,90],[98,142,112],"X Refsource BUGTRAQ",{"url":144,"sources":145,"tags":146},"https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html",[96,90],[98,99,112],{"url":148,"sources":149,"tags":150},"https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":152,"sources":153,"tags":154},"https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":156,"sources":157,"tags":158},"https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":160,"sources":161,"tags":162},"https://usn.ubuntu.com/4237-1/",[96,90],[127,163],"X Refsource UBUNTU",{"url":165,"sources":166,"tags":167},"https://usn.ubuntu.com/4237-2/",[96,90],[127,163],{"url":169,"sources":170,"tags":171},"https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E",[96,90],[98,99],{"url":173,"sources":174,"tags":175},"https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E",[96,90],[98,99],{"url":177,"sources":178,"tags":179},"https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":181,"sources":182,"tags":183},"https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":185,"sources":186,"tags":187},"https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E",[96,90],[98,99],{"url":189,"sources":190,"tags":191},"https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E",[96,90],[98,99],{"url":193,"sources":194,"tags":195},"https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E",[96,90],[98,99],{"url":197,"sources":198,"tags":199},"http://www.openwall.com/lists/oss-security/2020/01/30/3",[96,90],[98,99],{"url":201,"sources":202,"tags":203},"http://www.openwall.com/lists/oss-security/2020/01/30/2",[96,90],[98,99],{"url":205,"sources":206,"tags":207},"https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":209,"sources":210,"tags":211},"https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E",[96,90],[98,99],{"url":213,"sources":214,"tags":215},"https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E",[96,90],[98,99],{"url":217,"sources":218,"tags":219},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html",[96,90],[127,220],"X Refsource SUSE",[],{"date":223,"score":86,"percentile":224},"2026-06-04",0.21601,[226,230,233,236,239,242,245,248,251,254,257,260,263,266,269,273,276,279,282,285,288,291,293,296,299,302,304,307,310,313,316,318,321,324,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,378,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,432,435,438,441,444,447,449,452,455,458,461,464,467,470,472,475,478,481,484,487,490],{"date":227,"score":228,"percentile":229},"2025-11-04",0.0003,0.07462,{"date":231,"score":228,"percentile":232},"2025-11-05",0.07518,{"date":234,"score":228,"percentile":235},"2025-11-06",0.07634,{"date":237,"score":228,"percentile":238},"2025-11-07",0.07662,{"date":240,"score":228,"percentile":241},"2025-11-08",0.0767,{"date":243,"score":228,"percentile":244},"2025-11-09",0.07635,{"date":246,"score":228,"percentile":247},"2025-11-10",0.07591,{"date":249,"score":228,"percentile":250},"2025-11-11",0.07581,{"date":252,"score":228,"percentile":253},"2025-11-12",0.07561,{"date":255,"score":228,"percentile":256},"2025-11-13",0.07595,{"date":258,"score":228,"percentile":259},"2025-11-14",0.07642,{"date":261,"score":228,"percentile":262},"2025-11-15",0.07695,{"date":264,"score":228,"percentile":265},"2025-11-16",0.07706,{"date":267,"score":228,"percentile":268},"2025-11-17",0.07696,{"date":270,"score":271,"percentile":272},"2025-11-18",0.00106,0.24513,{"date":274,"score":271,"percentile":275},"2025-11-19",0.24538,{"date":277,"score":271,"percentile":278},"2025-11-20",0.24551,{"date":280,"score":228,"percentile":281},"2025-11-21",0.0786,{"date":283,"score":228,"percentile":284},"2025-11-22",0.07853,{"date":286,"score":228,"percentile":287},"2025-11-23",0.07849,{"date":289,"score":228,"percentile":290},"2025-11-24",0.07837,{"date":292,"score":228,"percentile":290},"2025-11-25",{"date":294,"score":228,"percentile":295},"2025-11-26",0.07844,{"date":297,"score":228,"percentile":298},"2025-11-27",0.07846,{"date":300,"score":228,"percentile":301},"2025-11-28",0.07832,{"date":303,"score":228,"percentile":281},"2025-11-29",{"date":305,"score":228,"percentile":306},"2025-11-30",0.07857,{"date":308,"score":228,"percentile":309},"2025-12-01",0.07891,{"date":311,"score":228,"percentile":312},"2025-12-02",0.07908,{"date":314,"score":228,"percentile":315},"2025-12-03",0.07927,{"date":317,"score":228,"percentile":312},"2025-12-04",{"date":319,"score":228,"percentile":320},"2025-12-05",0.07925,{"date":322,"score":228,"percentile":323},"2025-12-06",0.07937,{"date":325,"score":228,"percentile":323},"2025-12-07",{"date":327,"score":228,"percentile":328},"2025-12-08",0.07932,{"date":330,"score":228,"percentile":331},"2025-12-09",0.07985,{"date":333,"score":228,"percentile":334},"2025-12-10",0.08054,{"date":336,"score":228,"percentile":337},"2025-12-11",0.08108,{"date":339,"score":228,"percentile":340},"2025-12-12",0.0811,{"date":342,"score":228,"percentile":343},"2025-12-13",0.08075,{"date":345,"score":228,"percentile":346},"2025-12-14",0.08064,{"date":348,"score":228,"percentile":349},"2025-12-15",0.07994,{"date":351,"score":228,"percentile":352},"2025-12-16",0.08018,{"date":354,"score":228,"percentile":355},"2025-12-17",0.08098,{"date":357,"score":228,"percentile":358},"2025-12-18",0.08155,{"date":360,"score":228,"percentile":361},"2025-12-19",0.08133,{"date":363,"score":228,"percentile":364},"2025-12-20",0.08125,{"date":366,"score":228,"percentile":367},"2025-12-21",0.08056,{"date":369,"score":228,"percentile":370},"2025-12-22",0.08008,{"date":372,"score":228,"percentile":373},"2025-12-23",0.08024,{"date":375,"score":376,"percentile":377},"2025-12-24",0.00033,0.09257,{"date":379,"score":376,"percentile":380},"2025-12-25",0.09342,{"date":382,"score":376,"percentile":383},"2025-12-26",0.09328,{"date":385,"score":376,"percentile":386},"2025-12-27",0.0929,{"date":388,"score":376,"percentile":389},"2025-12-28",0.09327,{"date":391,"score":376,"percentile":392},"2025-12-29",0.09293,{"date":394,"score":376,"percentile":395},"2025-12-30",0.09273,{"date":397,"score":376,"percentile":398},"2025-12-31",0.09319,{"date":400,"score":376,"percentile":401},"2026-01-01",0.0935,{"date":403,"score":376,"percentile":404},"2026-01-02",0.09349,{"date":406,"score":376,"percentile":407},"2026-01-03",0.09338,{"date":409,"score":376,"percentile":410},"2026-01-04",0.09267,{"date":412,"score":376,"percentile":413},"2026-01-05",0.09223,{"date":415,"score":376,"percentile":416},"2026-01-06",0.09204,{"date":418,"score":376,"percentile":419},"2026-01-07",0.09235,{"date":421,"score":376,"percentile":422},"2026-01-08",0.09296,{"date":424,"score":376,"percentile":425},"2026-01-09",0.09313,{"date":427,"score":376,"percentile":428},"2026-01-10",0.09332,{"date":430,"score":376,"percentile":431},"2026-01-11",0.09285,{"date":433,"score":376,"percentile":434},"2026-01-12",0.09266,{"date":436,"score":376,"percentile":437},"2026-01-13",0.09236,{"date":439,"score":376,"percentile":440},"2026-01-14",0.09291,{"date":442,"score":376,"percentile":443},"2026-01-15",0.093,{"date":445,"score":376,"percentile":446},"2026-01-16",0.09339,{"date":448,"score":376,"percentile":404},"2026-01-17",{"date":450,"score":376,"percentile":451},"2026-01-18",0.09312,{"date":453,"score":376,"percentile":454},"2026-01-19",0.0927,{"date":456,"score":376,"percentile":457},"2026-01-20",0.09245,{"date":459,"score":376,"percentile":460},"2026-01-21",0.09213,{"date":462,"score":376,"percentile":463},"2026-01-22",0.09198,{"date":465,"score":376,"percentile":466},"2026-01-23",0.09288,{"date":468,"score":376,"percentile":469},"2026-01-24",0.09346,{"date":471,"score":376,"percentile":434},"2026-01-25",{"date":473,"score":228,"percentile":474},"2026-01-26",0.08007,{"date":476,"score":228,"percentile":477},"2026-01-27",0.07996,{"date":479,"score":228,"percentile":480},"2026-01-28",0.07962,{"date":482,"score":228,"percentile":483},"2026-01-29",0.0794,{"date":485,"score":228,"percentile":486},"2026-01-30",0.07957,{"date":488,"score":228,"percentile":489},"2026-01-31",0.0798,{"date":491,"score":228,"percentile":492},"2026-02-01",0.08001,[494],{"source":90,"cvss_v2_0":495,"cvss_v3_0":9,"cvss_v3_1":498,"cvss_v4_0":9},{"baseScore":88,"baseSeverity":9,"vectorString":91,"impactScore":496,"exploitabilityScore":497},10,3.9,{"baseScore":499,"baseSeverity":500,"vectorString":501,"impactScore":502,"exploitabilityScore":503},6.7,"MEDIUM","CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",9.8,2.1,[505,514,523],{"ecosystem":9,"name":506,"vendor":507,"product":508,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":510},"Apache SpamAssassin","apache","apache spamassassin","a",[511],{"version":512,"is_range":84,"range_type":96,"version_start":512,"version_start_type":513,"version_end":512,"version_end_type":513,"fixed_in":9},"Apache SpamAssassin prior to 3.4.3","including",{"ecosystem":9,"name":515,"vendor":507,"product":515,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":516},"spamassassin",[517],{"version":518,"is_range":519,"range_type":520,"version_start":9,"version_start_type":9,"version_end":521,"version_end_type":522,"fixed_in":9},"lt3.4.3",true,"cpe","3.4.3","excluding",{"ecosystem":9,"name":524,"vendor":525,"product":526,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"debian linux","debian","debian_linux","o",[529,531,533],{"version":530,"is_range":84,"range_type":520,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":532,"is_range":84,"range_type":520,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":534,"is_range":84,"range_type":520,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0"]