{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:55:26.663","vulnerabilities":[{"cve":{"id":"CVE-2018-1294","sourceIdentifier":"security@apache.org","published":"2018-03-20T17:29:00.207","lastModified":"2024-11-21T03:59:33.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String)."},{"lang":"es","value":"Si un usuario de Apache Commons Email (normalmente un programador de aplicaciones) pasa entradas no validadas como \"Bounce Address\" que contienen saltos de línea, los detalles de email (destinatarios, contenido, etc.) podrían ser manipulados. Mitigación: Los usuarios deberían actualizar a Commons-Email 1.5. Se puede mitigar esta vulnerabilidad en versiones antiguas de Commons Email eliminando los saltos de línea de los datos que serán pasados a Email.setBounceAddress(String)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:N\/C:N\/I:P\/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0","versionEndIncluding":"1.4","matchCriteriaId":"D40F5E36-3CFC-4DD5-8260-05923D072A0D"}]}]}],"references":[{"url":"http:\/\/seclists.org\/oss-sec\/2018\/q1\/107","source":"security@apache.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http:\/\/seclists.org\/oss-sec\/2018\/q1\/107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]}]}}]}