-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty
Severity: low Vendor: The Apache Software Foundation Versions Affected: Apache Commons Email 1.0 to 1.4. Description: When a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers. Mitigation: Users should upgrade to Commons Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from the subject before passing it to the setSubject(String) method. Credit: This issue was discovered by Adam Williams. References: http://commons.apache.org/proper/commons-email/security-reports.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlmAyP8ACgkQohFa4V9ri3K7XQCgj69yH9nkBGRVJBG9+0DS1jc8 GJUAnRZrLznaNRzokj08JGBMy5wwHNTt =oSDx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@commons.apache.org For additional commands, e-mail: user-h...@commons.apache.org
