{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "Mime4J DOM header injection",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
              "lang": "en",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache James Mime4J",
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "packageName": "org.apache.james:apache-mime4j-dom",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "lessThanOrEqual": "0.8.9",
              "versionType": "maven"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.<br>This can be exploited by an attacker to add unintended headers to MIME messages.<br>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "low"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Benoit TELLIER",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2024-21742",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}