CVE-2022-4055

ADVISORY - nist

Summary

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

EPSS Score⁠: 0.00038 (0.111)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-146⁠

Improper Neutralization of Expression/Command Delimiters

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.