{"schema_version": "1.6.1", "id": "CVE-2022-22931", "summary": "Path traversal in Apache James 3.6.1", "details": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations.\n\nAffected implementations include:\n - maildir mailbox store\n - Sieve file repository\n\nThis enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.6.1"}, {"last_affected": "3.6.1"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"type": "ADVISORY", "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}]}