CVE-2016-4803

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-4803
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4803.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4803
Published
2016-06-30T17:59:06.797Z
Modified
2026-04-10T03:52:24.654943Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

References

Affected packages

Git / github.com/dotcms/core

Affected ranges

Type
GIT
Repo
https://github.com/dotcms/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
55f3f10337ebebf74c22ac82a411c4af276c6b09
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.1"
        }
    ]
}

Affected versions

3.*
3.0
3.2
3.2.1
3.3
3.3.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4803.json"