apache-james-mailbox-api is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in the PrefixedRegex function in PrefixedRegex.java, allowing an attacker to cause an application crash by providing crafted IMAP list commands.
CPE | Name | Operator | Version |
---|---|---|---|
 | apache james :: mailbox :: api | le | 3.6.0 |
www.openwall.com/lists/oss-security/2022/01/04/2
github.com/apache/james-project/commit/90ec73f3138e272896d110575eeb063f6eef1d9c
github.com/apache/james-project/pull/612
github.com/apache/james-project/pull/615
issues.apache.org/jira/browse/JAMES-3635
www.mail-archive.com/[email protected]/msg70762.html