When a call site passes a subject for an email that contains line breaks, the caller can add arbitrary SMTP headers. This vulnerability can be mitigated for older versions of Commons Email by stripping line breaks from the subject before passing it to the setSubject(String) method.

References: http://seclists.org/oss-sec/2017/q3/231
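
One way to apply the mitigation described above before calling setSubject(String), as an added example that is not code from Commons Email or from this report. The names `SubjectSanitizer`, `stripLineBreaks` and `requireSingleLine` are hypothetical, the sample subjects are constructed, and only the JDK is needed to run it.

```java
import java.util.regex.Pattern;

public final class SubjectSanitizer {
    // \R matches CRLF, CR, LF and the other Unicode line-break characters
    // (VT, FF, NEL, U+2028, U+2029), so no variant slips through.
    private static final Pattern LINE_BREAKS = Pattern.compile("\\R+");

    private SubjectSanitizer() {}

    /** Replaces each run of line breaks with one space, then trims the ends. */
    public static String stripLineBreaks(String subject) {
        if (subject == null) {
            return null;
        }
        return LINE_BREAKS.matcher(subject).replaceAll(" ").trim();
    }

    /** Stricter alternative: reject the subject instead of rewriting it. */
    public static String requireSingleLine(String subject) {
        if (subject != null && LINE_BREAKS.matcher(subject).find()) {
            throw new IllegalArgumentException("subject contains a line break");
        }
        return subject;
    }

    // Makes CR and LF visible when printing the raw input.
    private static String visible(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    public static void main(String[] args) {
        // Constructed sample subjects, including one that tries to start a new header line.
        String[] samples = {
            "Quarterly report",
            "Hello\r\nX-Injected: 1",
            "Line one\nLine two",
            "Trailing break\r"
        };
        for (String s : samples) {
            System.out.println("[" + visible(s) + "] -> [" + stripLineBreaks(s) + "]");
        }
        // At the call site (assumes commons-email is on the classpath):
        //   email.setSubject(SubjectSanitizer.stripLineBreaks(userSuppliedSubject));
    }
}
```

`stripLineBreaks` keeps the message deliverable with a flattened subject, while `requireSingleLine` suits call sites that would rather fail and log the attempt.
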
Created apache-commons-email tracking bugs for this issue: Affects: fedora-all [bug 1477541]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.