FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-23 17:04:23 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b374df95-afa8-11f0-b4c8-792b26d8a051	RT -- CSV injection Gareth Watkin-Jones from 4armed reports: RT is vulnerable to CSV injection via ticket values with special characters that are exported to a TSV from search results. Thanks to Gareth Watkin-Jones from 4armed for reporting this finding. Discovery 2025-10-23 Entry 2025-10-23 rt60 rt50 rt44 >= 6.0.0 lt 6.0.2 >= 5.0.0 lt 5.0.9 >= 4.4.0 lt 4.4.9 CVE-2025-61873 https://github.com/bestpractical/rt/releases/tag/rt-6.0.2
e14b9870-62a4-11ee-897b-000bab9f87f1	Request Tracker -- multiple vulnerabilities Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. Discovery 2023-10-18 Entry 2023-10-18 rt44 < 4.4.6 rt50 < 5.0.4 CVE-2023-41259 CVE-2023-41260 CVE-2023-45024 https://bestpractical.com/request-tracker/

VuXML ID

Description

b374df95-afa8-11f0-b4c8-792b26d8a051

RT -- CSV injection

Gareth Watkin-Jones from 4armed reports:

RT is vulnerable to CSV injection via ticket values with special characters that are exported to a TSV from search results. Thanks to Gareth Watkin-Jones from 4armed for reporting this finding.

Discovery 2025-10-23
Entry 2025-10-23
rt60
rt50
rt44

>= 6.0.0 lt 6.0.2

>= 5.0.0 lt 5.0.9

>= 4.4.0 lt 4.4.9

CVE-2025-61873
https://github.com/bestpractical/rt/releases/tag/rt-6.0.2

e14b9870-62a4-11ee-897b-000bab9f87f1

Request Tracker -- multiple vulnerabilities

Request Tracker reports:

CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.

CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.

CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.

Discovery 2023-10-18
Entry 2023-10-18
rt44

< 4.4.6

rt50

< 5.0.4

CVE-2023-41259
CVE-2023-41260
CVE-2023-45024
https://bestpractical.com/request-tracker/