org.apache.james: apache-mime4j-core is vulnerable to Header Injection. The vulnerability is due to improper input validation when using MIME4J DOM to compose messages, which allows an attacker to add unintended headers to MIME messages.
CPE | Name | Operator | Version |
---|---|---|---|
apache james :: mime4j :: core | le | 0.8.9 | |
apache james :: mime4j :: core | le | 0.8.9 |
www.openwall.com/lists/oss-security/2024/02/27/5
github.com/advisories/GHSA-jw7r-rxff-gv24
github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1#diff-b030cd98dcf3305783e5eb00df6f0580d1a01cb9ea5b978de7be659c7e5b08f7
github.com/apache/james-mime4j/commit/d25fb3fd35db42b060789a20634fbe3cb84aba17
lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy