Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-w45j-f5g5-w94x: Apache James vulnerable to buffering attack

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

ghsa
#apache#git#ssl

Apache James vulnerable to buffering attack

High severity GitHub Reviewed Published Sep 9, 2022 • Updated Sep 15, 2022

Related news

CVE-2022-28220: Apache James

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection