CVE-2024-21742 — Apache James MIME4J improper input validation vulnerability

Description

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

How to fix CVE-2024-21742

To remediate CVE-2024-21742, upgrade the affected package to a fixed version below.

Debian/apache-mime4j—no fix listed
—upgrade to 0.8.10 or later

Is CVE-2024-21742 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0
from 0, < 0.8.10

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-21742
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-21742
PATCHgithub.com/apache/james-mime4j
WEBgithub.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1