UBUNTU-CVE-2024-21742
- Source
- https://ubuntu.com/security/CVE-2024-21742
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-21742.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-21742
- Upstream
- Published
- 2024-02-27T17:15:00Z
- Modified
- 2025-07-14T07:01:56.596051Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
- References
-
- https://ubuntu.com/security/CVE-2024-21742
- https://www.openwall.com/lists/oss-security/2024/02/27/5
- https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1
- https://github.com/apache/james-mime4j/pull/91
- https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy
- https://www.cve.org/CVERecord?id=CVE-2024-21742
Affected packages
Ubuntu:Pro:16.04:LTS / apache-mime4j
Package
- Name
- apache-mime4j
- Purl
- pkg:deb/ubuntu/apache-mime4j@0.7.2-4?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / apache-mime4j
Package
- Name
- apache-mime4j
- Purl
- pkg:deb/ubuntu/apache-mime4j@0.7.2-4?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / apache-mime4j
Package
- Name
- apache-mime4j
- Purl
- pkg:deb/ubuntu/apache-mime4j@0.8.2-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / apache-mime4j
Package
- Name
- apache-mime4j
- Purl
- pkg:deb/ubuntu/apache-mime4j@0.8.2-1?arch=source&distro=jammy
Ubuntu:24.04:LTS / apache-mime4j
Package
- Name
- apache-mime4j
- Purl
- pkg:deb/ubuntu/apache-mime4j@0.8.10-1?arch=source&distro=noble