CVE-2024-45626 – org.apache.james:james-server-jmap-draft
Package
Manager: maven
Name: org.apache.james:james-server-jmap-draft
Vulnerable Version: >=3.8.0 <3.8.2 || >=0 <3.7.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0058 (percentile 0.67935)
Details
Apache James vulnerable to denial of service through JMAP HTML to text conversion
The JMAP HTML to plain text conversion in Apache James server versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption, which can result in a denial of service. Users are recommended to upgrade to versions 3.7.6 and 3.8.2, which fix this issue.
Metadata
Created: 2025-02-06T12:31:58Z
Modified: 2025-02-11T19:04:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-57m2-h3fw-rxhw/GHSA-57m2-h3fw-rxhw.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-57m2-h3fw-rxhw
Finding: F002
Auto approve: 1