Lucene search
PRIOn knowledge basePRION:CVE-2018-1294HistoryMar 20, 2018 - 5:29 p.m.
Input validation
2018-03-2017:29:00
PRIOn knowledge base
www.prio-n.com
4
0.001 Low
EPSS
Percentile
44.3%
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called “Bounce Address”, and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
| CPE | Name | Operator | Version |
|---|---|---|---|
| commons_email | ge | 1.0 | |
| commons_email | le | 1.4 |
References
Related
cve
cve
CVE-2018-1294
2018-03-20 17:29:00
ubuntucve
ubuntucve
CVE-2018-1294
2018-03-20 00:00:00
mageia
mageia
Updated apache-commons-email packages fix security vulnerability
2018-02-25 02:25:24
veracode
veracode
Information Disclosure
2018-01-29 03:11:31
github
github
Improper Input Validation Apache Commons Email
2022-05-14 01:28:26
debiancve
debiancve
CVE-2018-1294
2018-03-20 17:29:00
osv
osv
Improper Input Validation Apache Commons Email
2022-05-14 01:28:26
cvelist
cvelist
CVE-2018-1294
2018-03-19 00:00:00
nvd
nvd
CVE-2018-1294
2018-03-20 17:29:00
openvas
openvas
Fedora Update for apache-commons-email FEDORA-2018-48d385a6fd
2018-02-15 00:00:00
Mageia: Security Advisory (MGASA-2018-0136)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : apache-commons-email (openSUSE-2018-134)
2018-02-06 00:00:00
Fedora 26 : apache-commons-email (2018-48d385a6fd)
2018-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: apache-commons-email-1.5-1.fc26
2018-02-14 17:11:32
ibm
ibm
