High severity7.5NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2017-9801
CVE-2017-9801
Description
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.commons:commons-emailMaven | >= 1.0, < 1.5 | 1.5 |
Affected products
11cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*
- (no CPE)range: 1.0 to 1.4
- ghsa-coords2 versionspkg:maven/org.apache.commons/commons-emailpkg:rpm/opensuse/apache-commons-email&distro=openSUSE%20Tumbleweed
>= 1.0, < 1.5+ 1 more
- (no CPE)range: >= 1.0, < 1.5
- (no CPE)range: < 1.5-3.10
Patches
Vulnerability mechanics
References
6- www.securityfocus.com/bid/100082nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1039043nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-p7vm-phxx-g722ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-9801ghsaADVISORY
- lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3EghsaWEB
- lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3Envd
News mentions
0No linked articles in our index yet.