Improper input validation allows for header injection in MIME4J library
when using MIME4J DOM for composing message. This can be exploited by an
attacker to add unintended headers to MIME messages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | apache-mime4j | < any | UNKNOWN |
ubuntu | 20.04 | noarch | apache-mime4j | < any | UNKNOWN |
ubuntu | 22.04 | noarch | apache-mime4j | < any | UNKNOWN |
ubuntu | 24.04 | noarch | apache-mime4j | < any | UNKNOWN |
ubuntu | 16.04 | noarch | apache-mime4j | < any | UNKNOWN |
github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1 (apache-mime4j-project-0.8.10)
github.com/apache/james-mime4j/pull/91
launchpad.net/bugs/cve/CVE-2024-21742
lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy
nvd.nist.gov/vuln/detail/CVE-2024-21742
security-tracker.debian.org/tracker/CVE-2024-21742
www.cve.org/CVERecord?id=CVE-2024-21742
www.openwall.com/lists/oss-security/2024/02/27/5