Lucene search
GoogleOSV:GHSA-V7CM-W955-PJ6GHistoryMay 14, 2022 - 1:28 a.m.
Improper Input Validation Apache Commons Email
2022-05-1401:28:26
Google
osv.dev
4
0.001 Low
EPSS
Percentile
44.3%
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called “Bounce Address”, and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
Related
cvelist
cvelist
CVE-2018-1294
2018-03-19 00:00:00
nvd
nvd
CVE-2018-1294
2018-03-20 17:29:00
openvas
openvas
Fedora Update for apache-commons-email FEDORA-2018-48d385a6fd
2018-02-15 00:00:00
Mageia: Security Advisory (MGASA-2018-0136)
2022-01-28 00:00:00
prion
prion
Input validation
2018-03-20 17:29:00
cve
cve
CVE-2018-1294
2018-03-20 17:29:00
nessus
nessus
openSUSE Security Update : apache-commons-email (openSUSE-2018-134)
2018-02-06 00:00:00
Fedora 26 : apache-commons-email (2018-48d385a6fd)
2018-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: apache-commons-email-1.5-1.fc26
2018-02-14 17:11:32
veracode
veracode
Information Disclosure
2018-01-29 03:11:31
github
github
Improper Input Validation Apache Commons Email
2022-05-14 01:28:26
debiancve
debiancve
CVE-2018-1294
2018-03-20 17:29:00
ubuntucve
ubuntucve
CVE-2018-1294
2018-03-20 00:00:00
mageia
mageia
Updated apache-commons-email packages fix security vulnerability
2018-02-25 02:25:24
ibm
ibm
