MGASA-2018-0136

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0136.html

Import Source

https://advisories.mageia.org/MGASA-2018-0136.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0136

Upstream

CVE-2018-1294

Published

2018-02-24T23:25:24Z

Modified

2026-04-16T06:23:40.026480985Z

Summary

Updated apache-commons-email packages fix security vulnerability

Details

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated (CVE-2018-1294).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / apache-commons-email

Package

Name: apache-commons-email
Purl: pkg:rpm/mageia/apache-commons-email?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0136.json"