Source: apache-mime4j
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for apache-mime4j.

CVE-2024-21742[0]:
| Improper input validation allows for header injection in MIME4J
| library when using MIME4J DOM for composing message. This can be
| exploited by an attacker to add unintended headers to MIME messages.

https://www.openwall.com/lists/oss-security/2024/02/27/5
https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1 (apache-mime4j-project-0.8.10)
https://github.com/apache/james-mime4j/pull/91

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-21742
    https://www.cve.org/CVERecord?id=CVE-2024-21742

Please adjust the affected versions in the BTS as needed.
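
Added example, not part of the original report and not MIME4J's own code: a plain-Java check of the kind of input validation whose absence the CVE text describes, applied to header names and values before a message is composed. It assumes the unintended header arrives as a line break inside a caller-supplied name or value; the class and method names are hypothetical and the sample fields are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
public class HeaderInjectionCheck {
    // RFC 5322 field name: printable US-ASCII (33..126) except ':'.
    static boolean isValidName(String name) {
        if (name.isEmpty()) return false;
        for (char c : name.toCharArray())
            if (c < 33 || c > 126 || c == ':') return false;
        return true;
    }
    // CRLF is legal in a value only as folding (followed by space or tab).
    // A bare CR, a bare LF, or CRLF + non-whitespace would start a new field.
    static boolean isValidValue(String v) {
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            if (c == '\n') return false; // LF without a preceding CR
            if (c == '\r') {
                boolean crlf = i + 1 < v.length() && v.charAt(i + 1) == '\n';
                boolean folded = i + 2 < v.length()
                        && (v.charAt(i + 2) == ' ' || v.charAt(i + 2) == '\t');
                if (!crlf || !folded) return false;
                i += 2; // skip LF and the folding whitespace
            }
        }
        return true;
    }
    // Hypothetical serializer: validates every field before writing it.
    static String serialize(Map<String, String> fields) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> f : fields.entrySet()) {
            if (!isValidName(f.getKey()) || !isValidValue(f.getValue()))
                throw new IllegalArgumentException("illegal character or line break in header field");
            out.append(f.getKey()).append(": ").append(f.getValue()).append("\r\n");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("Subject", "Quarterly report\r\n (folded)"); // constructed, valid folding
        System.out.print(serialize(fields));
        fields.put("X-Note", "hello\r\nBcc: someone@example.org"); // constructed, adds a field
        try {
            serialize(fields);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Callers that build header values from user-controlled data (subjects, display names, file names) can apply the same check at their own boundary until the fixed package is installed.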