CVE-2021-40525

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-40525
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40525.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40525
Aliases
Related
Published
2022-01-04T09:15:07Z
Modified
2024-09-03T03:56:18.632242Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.

References

Affected packages

Git / github.com/apache/james-project

Affected ranges

Type
GIT
Repo
https://github.com/apache/james-project
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

cassandra_migration_v1_to_v2

james-project-3.*

james-project-3.0-beta5
james-project-3.0.0
james-project-3.0.0-RC1
james-project-3.0.0-beta5
james-project-3.3.0
james-project-3.4.0
james-project-3.6.0
james-project-3.6.1

pre-3.*

pre-3.1.0