Lucene search
Veracode Vulnerability DatabaseVERACODE:33519HistoryJan 05, 2022 - 5:54 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-01-0505:54:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
51.8%
apache-james-mailbox-api is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in the PrefixedRegex function in PrefixedRegex.java, allowing an attacker to cause an application crash by providing crafted IMAP list commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache james :: mailbox :: api | le | 3.6.0 | |
| apache james :: mailbox :: api | le | 3.6.0 |
References
www.openwall.com/lists/oss-security/2022/01/04/2
github.com/apache/james-project/commit/90ec73f3138e272896d110575eeb063f6eef1d9c
github.com/apache/james-project/pull/612
github.com/apache/james-project/pull/615
issues.apache.org/jira/browse/JAMES-3635
www.mail-archive.com/[email protected]/msg70762.html
www.openwall.com/lists/oss-security/2022/01/04/2
Related
github
github
Denial of Service in Apache James
2022-01-08 00:40:30
osv
osv
Denial of Service in Apache James
2022-01-08 00:40:30
CVE-2021-40110
2022-01-04 09:15:07
cnvd
cnvd
Apache James Denial of Service Vulnerability (CNVD-2022-02755)
2022-01-07 00:00:00
cvelist
cvelist
CVE-2021-40110 Apache James IMAP vulnerable to a ReDoS
2022-01-04 08:55:22
cve
cve
CVE-2021-40110
2022-01-04 09:15:07
prion
prion
Design/Logic Flaw
2022-01-04 09:15:00
nvd
nvd
CVE-2021-40110
2022-01-04 09:15:07