CVE-2024-21742

MEDIUM

Apache James MIME4J < 0.8.9 and apache-mime4j-core < 0.8.10 - Header Injection via MIME4J DOM

Title source: llm

Description

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/02/27/5

Mailing List, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy

Scores

CVSS v3 5.3

EPSS 0.0083

EPSS Percentile 74.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74

Status published

Products (2)

apache/james_mime4j < 0.8.9

org.apache.james/apache-mime4j-core 0 - 0.8.10Maven

Published Feb 27, 2024

Tracked Since Feb 18, 2026