Updated apache-commons-email packages fix security vulnerability
Publication date: 24 Feb 2018Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1294
Description
Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated (CVE-2018-1294).
References
SRPMS
6/core
- apache-commons-email-1.5-1.mga6