CVE-2024-21742

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-21742
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21742.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-21742
Aliases
Related
Published
2024-02-27T17:15:12Z
Modified
2024-09-11T06:12:41.915505Z
Summary
[none]
Details

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

References

Affected packages

Debian:11 / apache-mime4j

Package

Name
apache-mime4j
Purl
pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.2-1
0.8.10-1
0.8.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache-mime4j

Package

Name
apache-mime4j
Purl
pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.2-1
0.8.10-1
0.8.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache-mime4j

Package

Name
apache-mime4j
Purl
pkg:deb/debian/apache-mime4j?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.10-1

Affected versions

0.*

0.8.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}