Apache Software Foundation Apache James Mime4J vulnerabilities

2 known vulnerabilities affecting apache_software_foundation/apache_james_mime4j.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2024-21742MEDIUMCVSS 5.3≤ 0.8.92024-02-27

CVE-2024-21742 [MEDIUM] CWE-74 CVE-2024-21742: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for co Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

CVE-2022-45787MEDIUMCVSS 5.5≤ 0.8.82023-01-06

CVE-2022-45787 [MEDIUM] CWE-312 CVE-2022-45787: Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead t Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.