← volver
CVE-2024-45626

Apache James: denial of service through JMAP HTML to text conversion

CVSS 6.5 MEDIUMEPSS 0.7%CWE-400
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
06 feb 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H