Moderate severityNVD Advisory· Published Feb 7, 2022· Updated Aug 3, 2024
Path traversal in Apache James 3.6.1
CVE-2022-22931
Description
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.james:james-serverMaven | < 3.6.2 | 3.6.2 |
Affected products
2- Apache Software Foundation/Apache Jamesv5Range: Apache James 3.6.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-v84g-cf5j-xjqxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-22931ghsaADVISORY
- github.com/apache/james-project/pull/877ghsaWEB
- github.com/apache/james-project/pull/877/commits/b1e891a9e5eeadfa1d779ae50f21c73efe4d2fc7ghsaWEB
- lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmprghsax_refsource_MISCWEB
- www.openwall.com/lists/oss-security/2022/02/07/1ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.