CVE-2021-38542: Command Injection in Apache James

January 8, 2022

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.

References

github.com/advisories/GHSA-84wg-rgp8-2hg4
nvd.nist.gov/vuln/detail/CVE-2021-38542

Code Behaviors & Features

Detect and mitigate CVE-2021-38542 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →