Vulnerabilities

 1 via 1 paths

Dependencies

 22

Source

 GitHub

Commit

 779de6ab

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 1
Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity

Improper Neutralization

  • Vulnerable module: org.eclipse.angus:angus-mail
  • Introduced through: org.glassfish.jersey.media:jersey-media-moxy@4.0.0

Detailed paths

  • Introduced through: mixaverros88/java-api@mixaverros88/java-api#779de6ab5b6897e86ef83abfea2ee2e7b68f338a org.glassfish.jersey.media:jersey-media-moxy@4.0.0 org.eclipse.persistence:org.eclipse.persistence.moxy@5.0.0-B09 org.eclipse.angus:angus-mail@2.0.3

Overview

org.eclipse.angus:angus-mail is an Angus Mail Provider.

Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters.

Note:

This is only exploitable if the provided dependency org.eclipse.angus:smtp is used.

Remediation

Upgrade org.eclipse.angus:angus-mail to version 2.0.4 or higher.

References

Improper Neutralization vulnerability report

medium severity

EPL-1.0 license

  • Module: junit:junit
  • Introduced through: org.glassfish.jersey.media:jersey-media-moxy@4.0.0

Detailed paths

  • Introduced through: mixaverros88/java-api@mixaverros88/java-api#779de6ab5b6897e86ef83abfea2ee2e7b68f338a org.glassfish.jersey.media:jersey-media-moxy@4.0.0 jakarta.json.bind:jakarta.json.bind-api@3.0.1 junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report