CVE-2018-1294

Published: Mar 20, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line breaks, then the email details (recipients, contents, etc.) might be manipulated.

Mitigation: Users should upgrade to Commons-Email 1.5. For older versions of Commons Email, you can mitigate this vulnerability by stripping line breaks from any data that will be passed to Email.setBounceAddress(String).
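The mitigation above for versions prior to 1.5, as an added example (not code from Apache Commons Email or from this advisory): a guard applied to the value before it reaches Email.setBounceAddress(String). The names BounceAddressGuard, strip and requireSingleLine are hypothetical, and treating every control character and Unicode line separator as a line break is an assumption that goes beyond the line breaks the description names.

```java
public final class BounceAddressGuard {

    private BounceAddressGuard() {}

    /** True for CR, LF, other control characters and Unicode line/paragraph separators. */
    static boolean isLineBreakOrControl(int cp) {
        int type = Character.getType(cp);
        return Character.isISOControl(cp)
                || type == Character.LINE_SEPARATOR
                || type == Character.PARAGRAPH_SEPARATOR;
    }

    /** The advisory's mitigation: strip line breaks before the value is passed on. */
    public static String strip(String input) {
        if (input == null) {
            throw new IllegalArgumentException("bounce address is null");
        }
        StringBuilder out = new StringBuilder(input.length());
        input.codePoints()
             .filter(cp -> !isLineBreakOrControl(cp))
             .forEach(out::appendCodePoint);
        return out.toString().trim();
    }

    /** Stricter variant (an assumption, not the advisory's wording): refuse instead of repairing. */
    public static String requireSingleLine(String input) {
        if (input == null || input.codePoints().anyMatch(BounceAddressGuard::isLineBreakOrControl)) {
            throw new IllegalArgumentException("bounce address contains a line break or control character");
        }
        return input.trim();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        String clean = "bounces@example.org";
        String tainted = "bounces@example.org\r\nX-Injected: 1";

        System.out.println(strip(clean));    // unchanged
        System.out.println(strip(tainted));  // one line, but no longer a usable address
        try {
            requireSingleLine(tainted);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // With Commons Email on the classpath, the guarded call would be:
        //   email.setBounceAddress(BounceAddressGuard.requireSingleLine(userInput));
    }
}
```

Stripping keeps the message on a single header line but can leave a malformed address behind, so rejecting the input is the easier failure to notice in logs.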

Vendor: Apache Software Foundation
Product: Apache Commons Email
Versions: affected, versions prior to 1.5
