Red Hat Bugzilla – Bug 1477540
CVE-2017-9801 apache-commons-email: SMTP header injection vulnerability
Last modified: 2017-08-02 07:12:52 EDT
When a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers.
This vulnerability can be mitigated for older versions of Commons Email by stripping line-breaks from the subject before passing it to the setSubject(String) method.
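The mitigation described above, as an added Java example (not code from this bug report or from the Commons Email project). The class `SubjectSanitizer` and the helpers `stripLineBreaks` and `setSubjectSafely` are hypothetical names; beyond CR and LF the pattern also removes other Unicode line terminators, which is an added precaution rather than something the report specifies.

```java
import org.apache.commons.mail.Email;
import org.apache.commons.mail.SimpleEmail;

public class SubjectSanitizer {

    // Characters treated as line breaks: CR and LF, plus (assumption, added
    // precaution) vertical tab, form feed, NEL, line separator, paragraph separator.
    private static final String LINE_BREAKS =
            "[\\r\\n\\u000B\\u000C\\u0085\\u2028\\u2029]+";

    /** Replaces every run of line-break characters with a single space. */
    static String stripLineBreaks(String subject) {
        if (subject == null) {
            return null; // leave null handling to the caller / library
        }
        return subject.replaceAll(LINE_BREAKS, " ").trim();
    }

    /** Hypothetical wrapper to use at call sites instead of setSubject(String). */
    static Email setSubjectSafely(Email email, String untrustedSubject) {
        return email.setSubject(stripLineBreaks(untrustedSubject));
    }

    public static void main(String[] args) {
        // Constructed input: a subject that carries a CRLF and a second header line.
        String untrusted = "Quarterly report\r\nBcc: someone@example.invalid";

        Email email = new SimpleEmail();
        setSubjectSafely(email, untrusted);

        // The stored subject is a single line, so the text after the original
        // line break stays part of the Subject value instead of forming a header.
        System.out.println(email.getSubject());
    }
}
```

Applying the same stripping to any other caller-controlled value that ends up in a message header is a reasonable extension, although this report names only the subject.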
Created apache-commons-email tracking bugs for this issue:
Affects: fedora-all [bug 1477541]