Detections
Analytics

CVE-2024-27448

critical

Description

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.

References

https://intrix.com.au/articles/exposing-major-security-flaw-in-maildev

https://github.com/maildev/maildev/releases

https://github.com/maildev/maildev/issues/467

https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE

https://gist.github.com/stypr/fe2003f00959f7e3d92ab9d5260433f8

Details

Source: Mitre, NVD

Published: 2024-04-05

Updated: 2025-03-13

Named Vulnerability: MailDev Remote Code Execution

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.10673