Jakarta Mail SMTP Injection Vulnerability

Vulnerability

A SMTP injection vulnerability has been identified in Jakarta Mail version 2.2. This issue arises from the improper handling of UTF-8 characters, specifically the carriage return and newline, which can be used to manipulate the separation of messages in the SMTP protocol.

Impact

Exploitation of this vulnerability allows for SMTP injection, where an attacker can manipulate email headers or content by injecting malicious data into the SMTP message stream.

Added: Jul 21, 2025, 6:16 PM

Updated: Jul 21, 2025, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jakarta Mail SMTP Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating