GHSA-9342-92gg-6v29

Опубликовано: 21 июл. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6

CVSS3: 7.5

Описание

Jakarta Mail vulnerable to SMTP Injection

In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

Ссылки

Пакеты

Наименование

org.eclipse.angus:smtp

maven

Затронутые версииВерсия исправления

< 2.0.4

2.0.4

EPSS

Процентиль: 12%

0.00039

Низкий

6 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-7962

Дефекты

CWE-147

Связанные уязвимости

CVE-2025-7962

CVSS3: 7.5

ubuntu

3 месяца назад

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

CVE-2025-7962

CVSS3: 5.3

redhat

3 месяца назад

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

CVE-2025-7962

CVSS3: 7.5

nvd

3 месяца назад

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

CVE-2025-7962

CVSS3: 7.5

debian

3 месяца назад

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by ut ...

SUSE-SU-2025:03025-1

suse-cvrf

около 2 месяцев назад

Security update for javamail

EPSS

Процентиль: 12%

0.00039

Низкий

6 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-7962

Дефекты

CWE-147