Moderate severityNVD Advisory· Published Feb 27, 2024· Updated May 6, 2025
Apache James Mime4J: Mime4J DOM header injection
CVE-2024-21742
Description
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.james:apache-mime4j-coreMaven | < 0.8.10 | 0.8.10 |
Affected products
145- osv-coords144 versionspkg:apk/chainguard/elasticsearch-8pkg:apk/chainguard/elasticsearch-8-bitnamipkg:apk/chainguard/elasticsearch-8-configpkg:apk/chainguard/elasticsearch-8-iamguardedpkg:apk/chainguard/elasticsearch-configpkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-bitnami-fipspkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-fipspkg:apk/chainguard/keycloak-fips-bitnami-compatpkg:apk/chainguard/keycloak-fips-policy-140-2pkg:apk/chainguard/keycloak-fips-policy-140-3pkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/chainguard/keycloak-iamguarded-fipspkg:apk/chainguard/opensearch-2pkg:apk/chainguard/opensearch-2-alertingpkg:apk/chainguard/opensearch-2-analysis-icupkg:apk/chainguard/opensearch-2-analysis-kuromojipkg:apk/chainguard/opensearch-2-analysis-noripkg:apk/chainguard/opensearch-2-analysis-phoneticpkg:apk/chainguard/opensearch-2-analysis-smartcnpkg:apk/chainguard/opensearch-2-analysis-stempelpkg:apk/chainguard/opensearch-2-analysis-ukrainianpkg:apk/chainguard/opensearch-2-anomaly-detectionpkg:apk/chainguard/opensearch-2-asynchronous-searchpkg:apk/chainguard/opensearch-2-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-crypto-kmspkg:apk/chainguard/opensearch-2-custom-codecspkg:apk/chainguard/opensearch-2-discovery-azure-classicpkg:apk/chainguard/opensearch-2-discovery-ec2pkg:apk/chainguard/opensearch-2-discovery-gcepkg:apk/chainguard/opensearch-2-entrypoint-compatpkg:apk/chainguard/opensearch-2-geospatialpkg:apk/chainguard/opensearch-2-identity-shiropkg:apk/chainguard/opensearch-2-index-managementpkg:apk/chainguard/opensearch-2-ingest-attachmentpkg:apk/chainguard/opensearch-2-job-schedulerpkg:apk/chainguard/opensearch-2-jre-bcfipspkg:apk/chainguard/opensearch-2-jre-bcfips-alertingpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-icupkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-kuromojipkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-noripkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-phoneticpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-smartcnpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-stempelpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-ukrainianpkg:apk/chainguard/opensearch-2-jre-bcfips-anomaly-detectionpkg:apk/chainguard/opensearch-2-jre-bcfips-asynchronous-searchpkg:apk/chainguard/opensearch-2-jre-bcfips-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-jre-bcfips-crypto-kmspkg:apk/chainguard/opensearch-2-jre-bcfips-custom-codecspkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-azure-classicpkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-ec2pkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-gcepkg:apk/chainguard/opensearch-2-jre-bcfips-geospatialpkg:apk/chainguard/opensearch-2-jre-bcfips-identity-shiropkg:apk/chainguard/opensearch-2-jre-bcfips-index-managementpkg:apk/chainguard/opensearch-2-jre-bcfips-ingest-attachmentpkg:apk/chainguard/opensearch-2-jre-bcfips-job-schedulerpkg:apk/chainguard/opensearch-2-jre-bcfips-k-nnpkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-annotated-textpkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-murmur3pkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-sizepkg:apk/chainguard/opensearch-2-jre-bcfips-ml-commonspkg:apk/chainguard/opensearch-2-jre-bcfips-neural-searchpkg:apk/chainguard/opensearch-2-jre-bcfips-notificationspkg:apk/chainguard/opensearch-2-jre-bcfips-observabilitypkg:apk/chainguard/opensearch-2-jre-bcfips-performance-analyzerpkg:apk/chainguard/opensearch-2-jre-bcfips-reportingpkg:apk/chainguard/opensearch-2-jre-bcfips-repository-azurepkg:apk/chainguard/opensearch-2-jre-bcfips-repository-gcspkg:apk/chainguard/opensearch-2-jre-bcfips-repository-s3pkg:apk/chainguard/opensearch-2-jre-bcfips-securitypkg:apk/chainguard/opensearch-2-jre-bcfips-security-analyticspkg:apk/chainguard/opensearch-2-jre-bcfips-sqlpkg:apk/chainguard/opensearch-2-jre-bcfips-store-smbpkg:apk/chainguard/opensearch-2-jre-bcfips-telemetry-otelpkg:apk/chainguard/opensearch-2-jre-bcfips-transport-niopkg:apk/chainguard/opensearch-2-k-nnpkg:apk/chainguard/opensearch-2-mapper-annotated-textpkg:apk/chainguard/opensearch-2-mapper-murmur3pkg:apk/chainguard/opensearch-2-mapper-sizepkg:apk/chainguard/opensearch-2-ml-commonspkg:apk/chainguard/opensearch-2-neural-searchpkg:apk/chainguard/opensearch-2-notificationspkg:apk/chainguard/opensearch-2-observabilitypkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-2-reportingpkg:apk/chainguard/opensearch-2-repository-azurepkg:apk/chainguard/opensearch-2-repository-gcspkg:apk/chainguard/opensearch-2-repository-s3pkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/opensearch-2-security-analyticspkg:apk/chainguard/opensearch-2-sqlpkg:apk/chainguard/opensearch-2-store-smbpkg:apk/chainguard/opensearch-2-telemetry-otelpkg:apk/chainguard/opensearch-2-transport-niopkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:apk/wolfi/opensearch-2pkg:apk/wolfi/opensearch-2-alertingpkg:apk/wolfi/opensearch-2-analysis-icupkg:apk/wolfi/opensearch-2-analysis-kuromojipkg:apk/wolfi/opensearch-2-analysis-noripkg:apk/wolfi/opensearch-2-analysis-phoneticpkg:apk/wolfi/opensearch-2-analysis-smartcnpkg:apk/wolfi/opensearch-2-analysis-stempelpkg:apk/wolfi/opensearch-2-analysis-ukrainianpkg:apk/wolfi/opensearch-2-anomaly-detectionpkg:apk/wolfi/opensearch-2-asynchronous-searchpkg:apk/wolfi/opensearch-2-cross-cluster-replicationpkg:apk/wolfi/opensearch-2-crypto-kmspkg:apk/wolfi/opensearch-2-custom-codecspkg:apk/wolfi/opensearch-2-discovery-azure-classicpkg:apk/wolfi/opensearch-2-discovery-ec2pkg:apk/wolfi/opensearch-2-discovery-gcepkg:apk/wolfi/opensearch-2-geospatialpkg:apk/wolfi/opensearch-2-identity-shiropkg:apk/wolfi/opensearch-2-index-managementpkg:apk/wolfi/opensearch-2-ingest-attachmentpkg:apk/wolfi/opensearch-2-job-schedulerpkg:apk/wolfi/opensearch-2-k-nnpkg:apk/wolfi/opensearch-2-mapper-annotated-textpkg:apk/wolfi/opensearch-2-mapper-murmur3pkg:apk/wolfi/opensearch-2-mapper-sizepkg:apk/wolfi/opensearch-2-ml-commonspkg:apk/wolfi/opensearch-2-neural-searchpkg:apk/wolfi/opensearch-2-notificationspkg:apk/wolfi/opensearch-2-observabilitypkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-2-reportingpkg:apk/wolfi/opensearch-2-repository-azurepkg:apk/wolfi/opensearch-2-repository-gcspkg:apk/wolfi/opensearch-2-repository-s3pkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/opensearch-2-security-analyticspkg:apk/wolfi/opensearch-2-sqlpkg:apk/wolfi/opensearch-2-store-smbpkg:apk/wolfi/opensearch-2-telemetry-otelpkg:apk/wolfi/opensearch-2-transport-niopkg:maven/org.apache.james/apache-mime4j-core
< 8.13.2-r1+ 143 more
- (no CPE)range: < 8.13.2-r1
- (no CPE)range: < 8.13.2-r1
- (no CPE)range: < 8.13.2-r1
- (no CPE)range: < 8.13.2-r1
- (no CPE)range: < 8.13.2-r1
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 24.0.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 0.8.10
- Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-jw7r-rxff-gv24ghsaADVISORY
- lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfyghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-21742ghsaADVISORY
- www.openwall.com/lists/oss-security/2024/02/27/5ghsaWEB
- github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1ghsaWEB
- github.com/apache/james-mime4j/commit/d25fb3fd35db42b060789a20634fbe3cb84aba17ghsaWEB
News mentions
0No linked articles in our index yet.