Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.
This can be exploited by an malicious user to add unintended headers to MIME messages.
<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: ...