Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-11761

CVE-2017-9801 - org.apache.commons_commons-email

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.7
    • Fix Version/s: 6.7.7
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      A user reported a Twistlock report that showed a vulnerability in the following package:

      Package Name: org.apache.commons_commons-email
      Package Version: 1.3.2
      Fixed In: 1.5
      Description: When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
      Type: Java
      Severity: High

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                simon.brandhof Simon Brandhof
                Reporter:
                lars.svensson Lars Svensson (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: