CVE-2021-40525

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.jamesframework/james

Identifiers

CVE-2021-40525

Package Slug

maven/org.jamesframework/james

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

The Apache James ManagedSieve implementation, together with the file storage for sieve scripts, is vulnerable to path traversal, allowing reading and writing of any file. This vulnerability has been patched in Apache James and higher. We recommend the upgrade. Distributed and Cassandra-based products are also not impacted.

Affected Versions

All versions before 3.6.2

Solution

Upgrade to version 3.6.2 or above.

Last Modified

2022-01-13
