PT-2018-11495 · Apache · Apache Commons Email

Alexander Lehmann

Publicado

2018-02-24

Atualizado

2022-05-14

CVE-2018-1294

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Commons Email versions prior to 1.5

Description The issue allows manipulation of email details, such as recipients and contents, if unvalidated input containing line-breaks is passed as the "Bounce Address".

Recommendations For versions prior to 1.5, strip line-breaks from data passed to Email.setBounceAddress(String) as a mitigation measure. Upgrade to Commons-Email 1.5 to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-1294

GHSA-V7CM-W955-PJ6G

MGASA-2018-0136

Produtos afetados

Apache Commons Email

PT-2018-11495 · Apache · Apache Commons Email

CVE-2018-1294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12