Description
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: users should upgrade to Commons-Email 1.5. For older versions of Commons Email, you can mitigate this vulnerability by stripping line breaks from any data that will be passed to Email.setBounceAddress(String).
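The line-break stripping described above, for code that cannot yet move to 1.5, as an added example that is not part of the advisory or of Commons Email. The class `BounceAddressGuard`, its method names and the sample input are hypothetical and constructed for illustration; only the JDK is used.

```java
import java.util.regex.Pattern;

/** Hypothetical helper (not part of Commons Email): checks a bounce address. */
public final class BounceAddressGuard {
    // \R matches any line-break sequence: CR, LF, CRLF, VT, FF, NEL, LS, PS (Java 8+).
    private static final Pattern LINE_BREAK = Pattern.compile("\\R");

    private BounceAddressGuard() {}

    /** The advisory's mitigation: drop every line break from the value. */
    public static String stripLineBreaks(String value) {
        return value == null ? null : LINE_BREAK.matcher(value).replaceAll("");
    }

    /** Stricter variant: refuse the value instead of repairing it. */
    public static String requireSingleLine(String value) {
        if (value != null && LINE_BREAK.matcher(value).find()) {
            throw new IllegalArgumentException("bounce address contains a line break");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample input: an address followed by CRLF and extra text.
        String untrusted = "bounce@example.org\r\nEXTRA-LINE";

        // Stripping yields a single line, but the trailing text stays glued
        // onto the address, so the result is no longer a usable mailbox.
        String stripped = stripLineBreaks(untrusted);
        System.out.println(stripped);

        // Rejecting surfaces the bad input to the caller instead.
        try {
            requireSingleLine(untrusted);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // In the application (email is an assumed Commons Email instance):
        // email.setBounceAddress(requireSingleLine(userSuppliedAddress));
    }
}
```

Stripping keeps the header on one line, while rejecting also stops a mangled address from being used as the envelope sender.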
| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | not-affected | 1.5-1 |
| cosmic | not-affected | 1.5-1 |
| devel | not-affected | 1.5-1 |
| esm-apps/bionic | not-affected | 1.5-1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 1.5 |
CVSS2: 5 Medium
CVSS3: 7.5 High