Summary

A vulnerability, CVE-2017-20187, has been identified in Magnesium-PHP versions up to 0.3.0. The issue is related to an injection vulnerability in the formatEmailString function, which has been classified as problematic.

Key Points

• CVE Identifier: CVE-2017-20187
• Affected Product: Magnesium-PHP up to version 0.3.0
• Vulnerable Function: formatEmailString in src/Magnesium/Message/Base.php
• Issue Type: Injection vulnerability
• Resolution: Upgrade to version 0.3.1
• Patch Identifier: 500d340e1f6421007413cc08a8383475221c2604
• Additional Identifier: VDB-244482
• Support Status: Affects unsupported products

Analysis

The vulnerability in Magnesium-PHP is significant for systems still running unsupported versions of the software. Although it is classified as problematic, the fact that it affects unsupported products reduces its immediate impact. The availability of a patch and an upgrade path to version 0.3.1 provides a straightforward resolution for those still using the affected versions.

Conclusion

IT professionals managing systems with Magnesium-PHP should ensure they are not using unsupported versions. It is recommended to upgrade to version 0.3.1 to mitigate the injection vulnerability and maintain system security.