Details

      Description

      The source code responsible for creating emails, independently from origin, is not checking the Subject line.

      Emails sent to the message bus or mail service that eventually land here: https://github.com/liferay/liferay-portal/blob/master/portal-kernel/src/com/liferay/mail/kernel/model/MailMessage.java could benefit from a multi-line check or sanitization.

      https://nvd.nist.gov/vuln/detail/CVE-2017-9801

      Upgrading the library would be a great plus, but it seems that a version change would affect several components and even third-party software/plug-ins.
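
A multi-line check of the kind suggested in the description, as an added example that is not part of the original report or of liferay-portal. The class and method names are hypothetical, the sample subjects are constructed, and it assumes that only CR and LF need handling before the subject reaches the mail library.

```java
import java.util.regex.Pattern;

// Added example: hypothetical helper, not liferay-portal or Commons Email code.
public class SubjectLineCheck {

    // One or more CR/LF characters, plus any folding whitespace that follows them.
    private static final Pattern LINE_BREAKS = Pattern.compile("[\\r\\n]+[ \\t]*");

    /** True when the subject would span more than one header line. */
    public static boolean isMultiLine(String subject) {
        return subject != null && LINE_BREAKS.matcher(subject).find();
    }

    /** Strict option: refuse the message instead of altering it. */
    public static String requireSingleLine(String subject) {
        if (isMultiLine(subject)) {
            throw new IllegalArgumentException("Subject contains a line break");
        }
        return subject;
    }

    /** Lenient option: collapse each line break into a single space. */
    public static String sanitize(String subject) {
        if (subject == null) {
            return null;
        }
        return LINE_BREAKS.matcher(subject).replaceAll(" ").trim();
    }

    public static void main(String[] args) {
        // Constructed sample subjects: plain, header-like second line, folded line.
        String[] samples = {
            "Your order has shipped",
            "Welcome\r\nX-Constructed-Header: injected",
            "Folded\r\n\tsubject line"
        };
        for (String s : samples) {
            System.out.println(isMultiLine(s) + " -> [" + sanitize(s) + "]");
        }
    }
}
```

Applying the check at the point where the subject is assigned covers every origin (message bus or mail service) without requiring the library upgrade.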

              People

              Assignee:
              brian.chan Brian Chan
              Reporter:
              victorlima02 Victor de Lima Soares
              Participants of an Issue:
              Recent user:
              Tibor Lipusz

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 10 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 DXP FP33
                  7.0.0 DXP SP7
                  7.0.5 CE GA6
                  7.0.X
                  Master