{"schema_version": "1.6.1", "id": "CVE-2022-28220", "summary": "STARTTLS command injection in Apache JAMES", "details": "Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. \n\nFix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache James"}, {"last_affected": "Apache James"}]}]}], "references": [{"type": "ADVISORY", "url": "https://james.apache.org/james/update/2022/08/26/james-3.7.1.html"}]}