VYPR
High severity7.5NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026

CVE-2017-9801

CVE-2017-9801

Description

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.commons:commons-emailMaven
>= 1.0, < 1.51.5

Affected products

11
  • cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*
    • (no CPE)range: 1.0 to 1.4
  • ghsa-coords2 versions
    >= 1.0, < 1.5+ 1 more
    • (no CPE)range: >= 1.0, < 1.5
    • (no CPE)range: < 1.5-3.10

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.