If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Apache |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5307 | If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String). |
 Github GHSA |
GHSA-v7cm-w955-pj6g | Improper Input Validation Apache Commons Email |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| http://seclists.org/oss-sec/2018/q1/107 |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-09-16T22:31:23.620Z
Reserved: 2017-12-07T00:00:00
Link: CVE-2018-1294
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-20T17:29:00.207
Modified: 2024-11-21T03:59:33.803
Link: CVE-2018-1294
Redhat
No data.
OpenCVE Enrichment
No data.