CVE-2024-21742

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21742

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21742.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21742

Aliases

GHSA-jw7r-rxff-gv24

Related

Published

2024-02-27T17:15:12Z

Modified

2024-09-18T03:24:53.798122Z

Summary

[none]

Details

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

References

Affected packages

Debian:11 / apache-mime4j

Package

Name: apache-mime4j
Purl: pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.2-1

0.8.10-1

0.8.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache-mime4j

Package

Name: apache-mime4j
Purl: pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.2-1

0.8.10-1

0.8.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache-mime4j

Package

Name: apache-mime4j
Purl: pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.10-1

Affected versions

0.*

0.8.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}