Vulnerability Description
Improper input validation allows header injection in the MIME4J library when MIME4J DOM is used to compose a message. An attacker can exploit this to add unintended headers to MIME messages.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | James Mime4J | <= 0.8.9 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2024/02/27/5 (Mailing List)
FAQ
What is CVE-2024-21742?
CVE-2024-21742 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper input validation allows header injection in the MIME4J library when MIME4J DOM is used to compose a message. An attacker can exploit this to add unintended headers to MIME messages.
How severe is CVE-2024-21742?
CVE-2024-21742 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-21742?
Check the references section above for vendor advisories and patch information. Affected products include: Apache James Mime4J.