OESA-2025-2296

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2296

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-2296.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2025-2296

Upstream

CVE-2022-45787

Published

2025-09-19T13:12:54Z

Modified

2025-09-19T14:02:43.216333Z

Summary

apache-mime4j security update

Details

Java stream based MIME message parser.

Security Fix(es):

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.

We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / apache-mime4j

Package

Name: apache-mime4j
Purl: pkg:rpm/openEuler/apache-mime4j&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.1-3.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "apache-mime4j-0.8.1-3.oe2003sp4.noarch.rpm",
        "apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "apache-mime4j-0.8.1-3.oe2003sp4.src.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2025-2296.json"