source.dussan.org Git - sonarqube.git/commitdiff
CVE-2017-9801 ( commons-email )
author Vinod Anandan <vinod@owasp.org>
Mon, 14 Aug 2017 21:01:53 +0000 (22:01 +0100)
committer Simon Brandhof <simon.brandhof@sonarsource.com>
Tue, 22 Aug 2017 06:51:35 +0000 (08:51 +0200)
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801

pom.xml

diff --git a/pom.xml b/pom.xml
index ec3b222af0c7ab9b802dbdd998cd22c160a3370b..ad4bb79ded17d75874e9cd8328095e038f9563c6 100644 (file)
--- a/pom.xml
+++ b/pom.xml
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-email</artifactId>
-        <version>1.3.2</version>
+        <version>1.5</version>
       </dependency>
       <dependency>
         <groupId>commons-lang</groupId>
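
Review bot: The `<version>` change on `commons-email` goes from 1.3.2 straight to 1.5, which crosses a minor release, and the diff carries no test or call-site change alongside it. Since the commit message ties the issue to subjects containing line breaks, I would add a regression test on the code path that sets the email subject, asserting that a subject with CR/LF does not produce additional headers, so the fix stays verified if this dependency is changed again later. It is also worth confirming that no other module or transitive dependency still resolves commons-email to a version in the 1.0 through 1.4 range, since only this one `<version>` line is updated here.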