Apache · Apache Commons Email · CVE-2018-1294
**Name of the Vulnerable Software and Affected Versions**
Apache Commons Email versions prior to 1.5
**Description**
The issue allows manipulation of email details, such as recipients and contents, if unvalidated input containing line-breaks is passed as the "Bounce Address".
**Recommendations**
For versions prior to 1.5, strip line-breaks from data passed to `Email.setBounceAddress(String)` as a mitigation measure.
Upgrade to Commons-Email 1.5 to resolve the issue.