Critical severityNVD Advisory· Published Jan 4, 2022· Updated Aug 4, 2024
Sieve file storage vulnerable to path traversal attacks
CVE-2021-40525
Description
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.james:james-serverMaven | < 3.6.1 | 3.6.1 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:maven/org.apache.james/james-server
< 0+ 8 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.6.1
- Apache Software Foundation/Apache Jamesv5Range: Apache James
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c38m-7h53-g9v4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-40525ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/01/04/4ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/02/07/1ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/01/04/4ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.