[MAVEN:GHSA-CGVF-22VV-83H5] Apache James Server OS Command Injection

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

Package	Affected Version
pkg:maven/org.apache.james/james-server	< 2.3.2.1

Package	Fixed Version
pkg:maven/org.apache.james/james-server	= 2.3.2.1

ID

MAVEN:GHSA-CGVF-22VV-83H5

Severity

high

URL

https://github.com/advisories/GHSA-cgvf-22vv-83h5

Published

2022-05-14T02:47:30
(2 years ago)

Modified

2023-08-02T21:03:02
(13 months ago)

Rights

Maven Security Team

Other Advisories

FREEBSD:BE3069C9-67E7-11E5-9909-002590263BF5

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2015-7611
			https://blogs.apache.org/james/entry/apache_james_server_2_3
			http://packetstormsecurity.com/files/133798/Apache-James-Server-2.3.2-Arbitrary-Command-Execution.html
			http://packetstormsecurity.com/files/156463/Apache-James-Server-2.3.2-Insecure-User-Creation-Arbitrary-File-Write.html
			http://www.openwall.com/lists/oss-security/2015/09/30/7
			http://www.openwall.com/lists/oss-security/2015/10/01/2
			https://web.archive.org/web/20201207092339/http://www.securityfocus.com/archive/1/536575/100/0/threaded
			https://github.com/advisories/GHSA-cgvf-22vv-83h5

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.james/james-server	org.apache.james	james-server	< 2.3.2.1
Fixed	pkg:maven/org.apache.james/james-server	org.apache.james	james-server	= 2.3.2.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date