Lucene search
GoogleOSV:GHSA-84WG-RGP8-2HG4HistoryJan 08, 2022 - 12:40 a.m.
Command Injection in Apache James
2022-01-0800:40:33
Google
osv.dev
11
0.001 Low
EPSS
Percentile
34.6%
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
Related
github
github
Command Injection in Apache James
2022-01-08 00:40:33
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
cnvd
cnvd
Apache James Command Injection Vulnerability
2022-01-07 00:00:00
cve
cve
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
nvd
nvd
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
osv
osv
CVE-2021-38542
2022-01-04 09:15:07
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
CVE-2022-28220
2022-09-08 08:15:07
veracode
veracode
Information Disclosure
2022-01-05 17:31:14
prion
prion
Command injection
2022-01-04 09:15:00
Command injection
2022-09-08 08:15:00
cvelist
cvelist
CVE-2021-38542 Apache James vulnerable to STARTTLS command injection (IMAP and POP3)
2022-01-04 08:55:21
CVE-2022-28220 STARTTLS command injection in Apache JAMES
2022-09-08 07:40:09