Description
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Commons Email | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5307 | If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String). |
 Github GHSA |
GHSA-v7cm-w955-pj6g | Improper Input Validation Apache Commons Email |
References
| Link | Providers |
|---|---|
| http://seclists.org/oss-sec/2018/q1/107 |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-09-16T22:31:23.620Z
Reserved: 2017-12-07T00:00:00.000Z
Link: CVE-2018-1294
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-20T17:29:00.207
Modified: 2024-11-21T03:59:33.803
Link: CVE-2018-1294
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses