Hi all,
Apache EventMesh (incubating) Team is glad to announce the new release
of Apache EventMesh (incubating) 1.3.0.
Apache EventMesh (incubating) is a dynamic cloud-native eventing
infrastructure used to decouple the application and backend middleware
layer, which supports a wide range of use

Description:
The Apache James ManagedSieve implementation, alongside the file storage for
sieve scripts, is vulnerable to path traversal, allowing reading and writing any
file. This vulnerability has been patched in Apache James 3.6.1 and higher. We
recommend the upgrade.
This issue is being

The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.05".
Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.
http://ofbiz.apache.org/
"Apache OFBiz 18.12.05" is the

Severity: moderate
Description:
While fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted
APPEND and STATUS IMAP commands could be used to trigger infinite loops
resulting in expensive CPU computations and OutOfMemory exceptions.
This can be used for a Denial Of Service attack.

Severity: moderate
Description:
Using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST
commands to orchestrate a Denial Of Service using a vulnerable Regular
expression. This affected Apache James prior to 3.6.1.
This issue is being tracked as JAMES-3635
Mitigation:
We

Severity: moderate
Description:
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying
on the use of the STARTTLS command. This can result in Man-in-the-middle
command injection attacks, potentially leading to leakage of sensitive
information.
This issue is being