Apache · Apache James · CVE-2021-38542
**Name of the Vulnerable Software and Affected Versions**
Apache James versions prior to 3.6.1
**Description**
The issue allows for a buffering attack using the STARTTLS command, potentially leading to Man-in-the-middle command injection attacks. This could result in the leakage of sensitive information.
**Recommendations**
For versions prior to 3.6.1, update to release 3.6.1 or later to resolve the issue.