44 matches found
EUVD-2025-4972
Malicious code in bioql PyPI...
EUVD-2023-1405
Malicious code in bioql PyPI...
EUVD-2023-0555
Malicious code in bioql PyPI...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Denial Of Service (DoS)
Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)
org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the JsoupHtmlTextExtractor function. An attacker can cause unbounded memory consumption leading to a denial of service by sending crafted HTML content that triggers excessive memory allocation. Details Denial o...
org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)
org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory: OSV:GHSA-57M2-H3FW-RXHW...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
GHSA-JW7R-RXFF-GV24 Apache James MIME4J improper input validation vulnerability
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...
Privilege Escalation
org.apache.james:james-server-cli is vulnerable to Privilege Escalation. The library does not require admin privileges to access the JMX management service by default, which allows a local authenticated attacker to elevate their privileges...
Apache James server's JMX management service vulnerable to privilege escalation by local user
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
PT-2023-20578 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...
Command injection
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935 Apache James server: Temporary File Information Disclosure
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935 Apache James server: Temporary File Information Disclosure
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...