Security Bulletin: Rational Performance Tester contains a vulnerability which could effect its use of the MIME4J library

Summary Due to the use of the MIME4J library, Rational Performance Tester contains a vulnerability that could potentially allow access to sensitive data. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvid...

EUVD-2023-0529

Malicious code in bioql PyPI...

OESA-2025-2345 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

OESA-2025-2344 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

OESA-2025-2343 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

Linux Distros Unpatched Vulnerability : CVE-2024-21742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add...

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...

Oracle Primavera Unifier (Jul 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22201...

OESA-2024-1475 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...

OESA-2024-1477 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...

OESA-2024-1478 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...

OESA-2024-1476 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...

OESA-2024-1333 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CVE-2024-21742...

Apache James MIME4J Input Validation Error Vulnerability

Apache James MIME4J is a library of the American Apache Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...

CVE-2024-21742

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

Header Injection

org.apache.james: apache-mime4j-core is vulnerable to Header Injection. The vulnerability is due to improper input validation when using MIME4J DOM to compose messages, which allows an attacker to add unintended headers to MIME messages...

Apache James MIME4J improper input validation vulnerability

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), au.com.turingg:turingg-files (=0.0.1) +1172 more potentially affected by CVE-2024-21742 via org.apache.james:apache-mime4j-core (>=0.7 <=0.8.1)

org.apache.james:apache-mime4j-core MAVEN version =0.7, =1.3, =1.0.1, =3.00.4, =3.00.3, =4.00.10, =3.6.1, =3.11.0, =0.1, =1.2.3, =1.1, =0.3, =0.2, =0.3 and more Source cves: CVE-2024-21742 Source advisory: OSV:GHSA-JW7R-RXFF-GV24...