{"schema_version": "1.6.1", "id": "CVE-2021-40110", "summary": "Apache James IMAP vulnerable to a ReDoS", "details": "In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression.  This affected Apache James prior to 3.6.1\n\nWe recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache James"}, {"last_affected": "Apache James"}]}]}], "references": [{"type": "ADVISORY", "url": "https://www.openwall.com/lists/oss-security/2022/01/04/2"}]}