org.apache.commons:commons-email

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.commons:commons-emailpage 1 of 1

CVE-2017-9801HIGHCVSS 7.5EG 7.5✓ Fixed in 1.5
2017-08-07
vulnerable: 1.1 ... 1.4 (7 versions)
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
CVE-2018-1294HIGHCVSS 7.5✓ Fixed in 1.5
2018-03-20
vulnerable: 1.1 ... 1.4 (7 versions)
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulat…

Check whether org.apache.commons:commons-email is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.commons:commons-email CVEs against the assets you own.

Start Free Scan →