Vulnerabilities

 1 via 1 paths

Dependencies

 22

Source

 GitHub

Commit

 b9e1723a

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 1
Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity
new

Improper Neutralization

  • Vulnerable module: org.eclipse.angus:angus-mail
  • Introduced through: org.glassfish.jersey.media:jersey-media-moxy@4.0.0-M3

Detailed paths

  • Introduced through: mixaverros88/java-api@mixaverros88/java-api#b9e1723af83e8c7236c9bedf4689c35a40c25b3d org.glassfish.jersey.media:jersey-media-moxy@4.0.0-M3 org.eclipse.persistence:org.eclipse.persistence.moxy@5.0.0-B09 org.eclipse.angus:angus-mail@2.0.3

Overview

org.eclipse.angus:angus-mail is an Angus Mail Provider.

Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters.

Note:

This is only exploitable if the provided dependency org.eclipse.angus:smtp is used.

Remediation

Upgrade org.eclipse.angus:angus-mail to version 2.0.4 or higher.

References

Improper Neutralization vulnerability report

medium severity

EPL-1.0 license

  • Module: junit:junit
  • Introduced through: org.glassfish.jersey.media:jersey-media-moxy@4.0.0-M3

Detailed paths

  • Introduced through: mixaverros88/java-api@mixaverros88/java-api#b9e1723af83e8c7236c9bedf4689c35a40c25b3d org.glassfish.jersey.media:jersey-media-moxy@4.0.0-M3 jakarta.json.bind:jakarta.json.bind-api@3.0.1 junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report