CVE-2024-21742 — Injection in Software Foundation Apache James Mime4j

CWE-74 — Injection CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.7%

top 28.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache James Mime4j Apache James Mime4j

Timeline

PublishedFeb 27

Latest updateJul 15

Description

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDapache/james_mime4j0.8.9

▶CVEListV5apache_software_foundation/apache_james_mime4j0.8.9

🔴Vulnerability Details

OSV

Apache James MIME4J improper input validation vulnerability↗2024-02-27

▶

GHSA

Apache James MIME4J improper input validation vulnerability↗2024-02-27

▶

OSV

CVE-2024-21742: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message↗2024-02-27

▶

CVEList

Apache James Mime4J: Mime4J DOM header injection↗2024-02-27

▶

📋Vendor Advisories

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Integration (Apache James MIME4J) — CVE-2024-21742↗2024-07-15

▶

Red Hat

Mime4J: Mime4J DOM header injection↗2024-02-27

▶

Debian

CVE-2024-21742: apache-mime4j - Improper input validation allows for header injection in MIME4J library when usi...↗2024

▶