CVE-2017-9801 - Improper Input Validation

Severity: High2021-12-08

Security Advisories

Abstract

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

The Oxygen XML products incorporates the Apache Commons Email as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion 4.1 and olderHigh Oxygen Content Fusion 4.1.2 build 2021112414

Mitigation

None

Detail

CVE-2017-9801

Severity: high

CVSS Score: 7.5

The Apache Commons Email third-party library used by Oxygen XML software products is an affected version mentioned in CVE-2017-9801 vulnerability description.

Starting with Oxygen Content Fusion version 4.1, the Apache Commons Email was updated to version 1.5, which includes a fix for CVE-2017-9801.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
Oxygen AI Positron: Your Helper in All Stages of Content Creation
May 8, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor