Skip to main content

CWE-147

Improper Neutralization of Input Terminators

2 CVEs Avg CVSS 5.7 MITRE
0
CRITICAL
0
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-7962 Maven MEDIUM PATCH This Month

SMTP injection in Eclipse Jakarta Mail (and its Angus Mail implementation) prior to version 2.0.2 allows a low-privileged attacker to inject arbitrary SMTP protocol commands by embedding raw carriage return (\r) and line feed (\n) UTF-8 characters into email fields processed by the library. The library fails to sanitize these input terminators before passing data to the SMTP command stream, enabling an attacker with control over email content to inject additional SMTP commands, forge headers, or deliver unsolicited messages through a trusted mail relay. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Code Injection Jakarta Mail Angus Mail Red Hat Suse
NVD VulDB
CVSS 4.0
6.0
EPSS
0.8%
CVE-2024-52505 MEDIUM This Month

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

SMTP injection in Eclipse Jakarta Mail (and its Angus Mail implementation) prior to version 2.0.2 allows a low-privileged attacker to inject arbitrary SMTP protocol commands by embedding raw carriage return (\r) and line feed (\n) UTF-8 characters into email fields processed by the library. The library fails to sanitize these input terminators before passing data to the SMTP command stream, enabling an attacker with control over email content to inject additional SMTP commands, forge headers, or deliver unsolicited messages through a trusted mail relay. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Code Injection Jakarta Mail Angus Mail +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Information Disclosure
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy