High severity7.5NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026
CVE-2017-9801
CVE-2017-9801
Description
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.commons:commons-emailMaven | >= 1.0, < 1.5 | 1.5 |
Affected products
9cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*
- Apache Software Foundation/Apache Commons Emailv5Range: 1.0 to 1.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.securityfocus.com/bid/100082nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1039043nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-p7vm-phxx-g722ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-9801ghsaADVISORY
- lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3EghsaWEB
- lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3Envd
News mentions
0No linked articles in our index yet.