CVE-2021-40110
maven/org.jamesframework/james
Regular expression Denial of Service
In Apache James, using the Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a denial of service using a vulnerable regular expression. which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
All versions before 3.6.1
Unfortunately, there is no solution available yet.
2022-01-13