Описание
Jakarta Mail vulnerable to SMTP Injection
In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-7962
- https://github.com/eclipse-ee4j/angus-mail/commit/269099b652a0a5c2fa140f1296a18f0fbbea0d44
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/67
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/290
- http://www.openwall.com/lists/oss-security/2025/09/03/4
Пакеты
Наименование
org.eclipse.angus:smtp
maven
Затронутые версииВерсия исправления
< 2.0.4
2.0.4
Связанные уязвимости
CVSS3: 7.5
ubuntu
4 месяца назад
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
CVSS3: 5.3
redhat
4 месяца назад
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
CVSS3: 7.5
nvd
4 месяца назад
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
CVSS3: 7.5
debian
4 месяца назад
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by ut ...
