CST-7045 SMTP header injection vulnerability via Commons Email

Description

Apache Commons Email is vulnerable to SMTP header injection (CVE-2017-9801). Liferay Portal itself is not vulnerable; however, custom modules/apps that use the Commons Email JAR bundled with the portal may be vulnerable.

Workaround: Developers can modify their modules/apps to use a fixed version of Commons Email instead of the Commons Email JAR that is bundled with the portal.
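
As a defence-in-depth check alongside the workaround, a module can refuse header values that contain line breaks before they reach the mail API. The following is an added example, not code from Liferay or Apache Commons Email; the class `HeaderGuard`, the method `singleLine` and the sample inputs are hypothetical, and it assumes the untrusted input ends up in a header value such as the subject.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderGuard {

    /**
     * Returns the value unchanged if it is safe to place in a single mail
     * header line; throws if it contains CR, LF or any other control character.
     */
    static String singleLine(String headerName, String value) {
        if (value == null) {
            throw new IllegalArgumentException(headerName + ": value is null");
        }
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            // isISOControl covers U+0000-U+001F and U+007F-U+009F, which
            // includes CR (U+000D) and LF (U+000A), the header separators.
            if (Character.isISOControl(ch)) {
                throw new IllegalArgumentException(String.format(
                    "%s: control character U+%04X at index %d", headerName, (int) ch, i));
            }
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as a form field might deliver them.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("plain", "Your order has shipped");
        samples.put("with line break", "Hello\r\nX-Injected: 1");

        for (Map.Entry<String, String> s : samples.entrySet()) {
            try {
                // In a module the checked value would then go to the mail API,
                // e.g. email.setSubject(singleLine("Subject", userInput));
                singleLine("Subject", s.getValue());
                System.out.println(s.getKey() + ": accepted");
            } catch (IllegalArgumentException e) {
                System.out.println(s.getKey() + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Rejecting the value, rather than stripping the line break, keeps the failed attempt visible in the module's error handling and logs.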

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 03 Apr 2018 09:15:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historical advisories are available in the Help Center.