← voltar
CVE-2024-45626

Apache James: denial of service through JMAP HTML to text conversion

CVSS 6.5 MEDIUMEPSS 0.7%CWE-400
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
06 fev 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H