Vulnerability Details CVE-2018-1294
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-1294
-
cpe:2.3:a:apache:commons_email:1.0
-
cpe:2.3:a:apache:commons_email:1.1
-
cpe:2.3:a:apache:commons_email:1.2
-
cpe:2.3:a:apache:commons_email:1.3
-
cpe:2.3:a:apache:commons_email:1.3.1
-
cpe:2.3:a:apache:commons_email:1.3.2
-
cpe:2.3:a:apache:commons_email:1.3.3
-
cpe:2.3:a:apache:commons_email:1.4