org.apache.james:james-server@3.0-M1 vulnerabilities
- latest version: 3.8.1
- latest non vulnerable version
- first published: 14 years ago
- latest version published: 3 months ago
- licenses detected: [3.0-beta2,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.james:james-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The JMX server embedded in Apache James, which is also used by the command-line client, is exposed to a Java deserialization issue and can therefore be used to execute arbitrary commands. Because James by default exposes the JMX socket only on localhost, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library. How to fix Deserialization of Untrusted Data? Upgrade | [,3.0.1) |