org.apache.james:apache-james-mailbox-maildir is vulnerable to path traversal. Improper validations in underlying file names allow remote attackers to inject relative paths to read and write files on any location.
CPE | Name | Operator | Version |
---|---|---|---|
apache james :: mailbox :: maildir | le | 3.6.0 | |
apache james :: mailbox :: maildir | le | 3.6.0 |
www.openwall.com/lists/oss-security/2022/01/04/4
www.openwall.com/lists/oss-security/2022/02/07/1
github.com/apache/james-project/commit/c019c349f9cb2dc6e767e71ea26cb1789ec482f9
github.com/apache/james-project/pull/659
issues.apache.org/jira/browse/JAMES-3646
www.openwall.com/lists/oss-security/2022/01/04/4
www.openwall.com/lists/oss-security/2022/01/04/4