VYPR
High severityNVD Advisory· Published Feb 6, 2025· Updated Feb 12, 2025

Apache James: denial of service through JMAP HTML to text conversion

CVE-2024-45626

Description

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service.

Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.james:james-server-jmap-draftMaven
>= 3.8.0, < 3.8.23.8.2
org.apache.james:james-server-jmap-draftMaven
< 3.7.63.7.6

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.