Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Roundcube 0.3.1 及以上版本并未要求浏览器避免电子邮件中包含的域名名称的 DNS 预取，这使远程攻击者更容易通过记录 DNS 请求来确定电子邮件用户的网络位置。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）