Lucene search
ApacheCVELIST:CVE-2018-1294HistoryMar 19, 2018 - 12:00 a.m.
CVE-2018-1294
2018-03-1900:00:00
apache
www.cve.org
0.001 Low
EPSS
Percentile
44.3%
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called “Bounce Address”, and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
CNA Affected
[
{
"product": "Apache Commons Email",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.5"
}
]
}
]References
Related
prion
prion
Input validation
2018-03-20 17:29:00
cve
cve
CVE-2018-1294
2018-03-20 17:29:00
ubuntucve
ubuntucve
CVE-2018-1294
2018-03-20 00:00:00
mageia
mageia
Updated apache-commons-email packages fix security vulnerability
2018-02-25 02:25:24
osv
osv
Improper Input Validation Apache Commons Email
2022-05-14 01:28:26
nvd
nvd
CVE-2018-1294
2018-03-20 17:29:00
openvas
openvas
Fedora Update for apache-commons-email FEDORA-2018-48d385a6fd
2018-02-15 00:00:00
Mageia: Security Advisory (MGASA-2018-0136)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : apache-commons-email (openSUSE-2018-134)
2018-02-06 00:00:00
Fedora 26 : apache-commons-email (2018-48d385a6fd)
2018-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: apache-commons-email-1.5-1.fc26
2018-02-14 17:11:32
veracode
veracode
Information Disclosure
2018-01-29 03:11:31
github
github
Improper Input Validation Apache Commons Email
2022-05-14 01:28:26
debiancve
debiancve
CVE-2018-1294
2018-03-20 17:29:00
ibm
ibm
