MIME4J Library Vulnerable to Header Injection Attacks
CVE-2024-21742

Currently unrated

Key Information:

Vendor: Apache
Status: Apache James Mime4j
Vendor: CVE Published:; 27 February 2024

Summary

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Affected Version(s)

Apache James Mime4J 0 <= 0.8.9

References

https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/02/27/5

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Jan 2, 2024

Credit

Benoit TELLIER