发布时间: 2025年8月8日
修改时间: 2025年8月8日
A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.3 |
| Attack Complexity | High | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | High | |
| User Interaction | None | |
| Availability | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2801 | jakarta-mail security update | 2025年9月16日 |
| 产品 | 包 | 状态 |
|---|---|---|
| V6 | jakarta-mail | Fixed |
| KY3.5.3 | jakarta-mail | Fixed |
| KY3.5.2 | jakarta-mail | Fixed |
