CVE-2024-21742— Apache James Mime4J: Mime4J DOM header injection

EPSS 0.83% · P75 Updated May 06, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-21742

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Apache James Mime4J: Mime4J DOM header injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

输出中的特殊元素转义处理不恰当(注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache James MIME4J 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache James MIME4J是美国阿帕奇（Apache）基金会的一个库。可用于解析纯 rfc822 和 MIME 格式的电子邮件消息流，并构建电子邮件消息的树表示。 Apache James MIME4J 0.8.9及之前版本存在输入验证错误漏洞，该漏洞源于允许攻击者在MIME4J库中向MIME消息注入标头。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache James Mime4J	0 ~ 0.8.9	-

II. Public POCs for CVE-2024-21742

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-21742

请登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2024-02-27 · 6 CVEs total

CVE-2023-50379		Apache Ambari: authenticated users could perform command injection to perform RCE
CVE-2023-51518		Apache James server: Privilege escalation via JMX pre-authentication deserialisation
CVE-2023-51747		SMTP smuggling in Apache James
CVE-2024-27905		Apache Aurora: padding oracle can allow construction an authentication cookie
CVE-2023-50380		Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server

IV. Related Vulnerabilities

Same product: Apache James Mime4J

CVE-2022-45787
Apache James MIME4J: Temporary File Information Disclosure i

Same vendor: Apache Software Foundation

Same weakness: CWE-74

V. Comments for CVE-2024-21742

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-21742— Apache James Mime4J: Mime4J DOM header injection

I. Basic Information for CVE-2024-21742

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-21742

III. Intelligence Information for CVE-2024-21742

Same Patch Batch · Apache Software Foundation · 2024-02-27 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-21742

Leave a comment