Description
Apache Commons Email is vulnerable to SMTP header injection (CVE-2017-9801). Liferay Portal is not vulnerable, however, custom modules/apps using the Commons Email JAR bundled with the portal may be vulnerable.
Workaround: Developers can modify their module/apps to use a fixed version of Commons Email instead of using the Commons Email JAR that is bundled with the portal.
Severity
Severity 2
Fixed Version(s)
Publication date: Tue, 03 Apr 2018 09:15:00 +0000