Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Commons Email
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1294 1 Apache 1 Commons Email 2019-03-07 5.0 MEDIUM 7.5 HIGH
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
CVE-2017-9801 1 Apache 1 Commons Email 2017-08-09 5.0 MEDIUM 7.5 HIGH
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.