Details

      Description

      The source code responsible for creating emails, regardless of their origin, does not check the Subject line.

      Emails sent to the message bus or mail service eventually land here: https://github.com/liferay/liferay-portal/blob/master/portal-kernel/src/com/liferay/mail/kernel/model/MailMessage.java. This code could benefit from a multi-line check or sanitization of the Subject line.

      https://nvd.nist.gov/vuln/detail/CVE-2017-9801

      Upgrading the library would be a great plus, but it seems that a version change would affect several components and even third party software/plug-ins.
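
      One way to implement the multi-line check described above, shown as an added example that is not Liferay's code. The class `SubjectLineCheck` and its methods `requireSingleLine` and `collapseLineBreaks` are hypothetical names, and the sample subjects are constructed.

```java
import java.util.List;

/** Added example (hypothetical helper, not Liferay code): keeps a mail Subject on one line. */
public class SubjectLineCheck {

    /** Strict policy: refuse any subject that contains CR or LF. */
    static String requireSingleLine(String subject) {
        if (subject == null) {
            return "";
        }
        for (int i = 0; i < subject.length(); i++) {
            char c = subject.charAt(i);
            // CR and LF terminate a header line, so neither may appear inside the value.
            if (c == '\r' || c == '\n') {
                throw new IllegalArgumentException(
                    "Subject contains a line break at index " + i);
            }
        }
        return subject;
    }

    /** Lenient policy: fold each run of line breaks and adjacent whitespace into one space. */
    static String collapseLineBreaks(String subject) {
        if (subject == null) {
            return "";
        }
        return subject.replaceAll("\\s*[\\r\\n]+\\s*", " ").trim();
    }

    public static void main(String[] args) {
        // Constructed sample subjects; the second one carries an embedded CRLF.
        List<String> samples = List.of(
            "Your weekly report",
            "Your weekly report\r\nBcc: someone@example.invalid");
        for (String s : samples) {
            try {
                requireSingleLine(s);
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage()
                    + " | collapsed form: " + collapseLineBreaks(s));
            }
        }
    }
}
```

      Applying the check at the point where the subject is stored covers every caller, whichever path the message took to get there.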


                Dates

                • Days since last comment: 2 years, 11 weeks, 1 day ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 DXP FP33
                  7.0.0 DXP SP7
                  7.0.5 CE GA6
                  7.0.X
                  Master