CVE-2024-21742 – org.apache.james:apache-mime4j-core

Package

Manager: maven
Name: org.apache.james:apache-mime4j-core
Vulnerable Version: >=0 <0.8.10

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00492 pctl0.64656

Details

Apache James MIME4J improper input validation vulnerability Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Metadata

Created: 2024-02-27T18:31:02Z
Modified: 2025-02-14T17:43:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-jw7r-rxff-gv24/GHSA-jw7r-rxff-gv24.json
CWE IDs: ["CWE-20", "CWE-74"]
Alternative ID: GHSA-jw7r-rxff-gv24
Finding: F184
Auto approve: 1