CVE-2022-28220

Improper Neutralization of Special Elements used in a Command ('Command Injection') in maven/org.jamesframework/james

Identifiers

CVE-2022-28220

Package Slug

maven/org.jamesframework/james

Vulnerability

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Description

Apache James prior to releases 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.

Affected Versions

All versions up to 3.6.2, version 3.7.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-14
