Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-9342-92GG-6V29
Vulnerability from github – Published: 2025-07-21 18:32 – Updated: 2026-04-16 18:47
VLAI
Summary
Jakarta Mail vulnerable to SMTP Injection
Details
In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Severity
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.angus:smtp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sun.mail:jakarta.mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sun.mail:jakarta.mail"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-7962"
],
"database_specific": {
"cwe_ids": [
"CWE-147"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-06T20:44:37Z",
"nvd_published_at": "2025-07-21T18:15:28Z",
"severity": "MODERATE"
},
"details": "In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the\u00a0\\r and \\n UTF-8 characters to separate different messages.",
"id": "GHSA-9342-92gg-6v29",
"modified": "2026-04-16T18:47:48Z",
"published": "2025-07-21T18:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7962"
},
{
"type": "WEB",
"url": "https://github.com/jakartaee/mail-api/issues/765"
},
{
"type": "WEB",
"url": "https://github.com/jakartaee/mail-api/pull/760"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-ee4j/angus-mail/commit/269099b652a0a5c2fa140f1296a18f0fbbea0d44"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-ee4j/angus-mail"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/67"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/290"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/290#note_5320539"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/03/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Jakarta Mail vulnerable to SMTP Injection"
}
cleanstart-2026-fa60324
Vulnerability from cleanstart
Published
2026-04-15 00:42
Modified
2026-04-14 09:27
Summary
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session
Details
Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FA60324",
"modified": "2026-04-14T09:27:59Z",
"published": "2026-04-15T00:42:39.375533Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FA60324.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-w9fj-cfpg-grvv"
]
}
cleanstart-2026-gx01236
Vulnerability from cleanstart
Published
2026-05-18 13:18
Modified
2026-05-13 10:46
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.5-r0, 26.5.5-r1, 26.5.6-r3
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GX01236",
"modified": "2026-05-13T10:46:16Z",
"published": "2026-05-18T13:18:58.023725Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GX01236.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.5-r0, 26.5.5-r1, 26.5.6-r3",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp"
]
}
cleanstart-2026-kc06018
Vulnerability from cleanstart
Published
2026-04-06 02:52
Modified
2026-04-01 11:37
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KC06018",
"modified": "2026-04-01T11:37:49Z",
"published": "2026-04-06T02:52:37.677608Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KC06018.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-w9fj-cfpg-grvv"
]
}
cleanstart-2026-po27799
Vulnerability from cleanstart
Published
2026-05-18 13:37
Modified
2026-05-07 10:33
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2025-59250, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-cm33-6792-r9fm, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.5.0-r2, 26.5.6-r3, 26.5.7-r0
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.7-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PO27799",
"modified": "2026-05-07T10:33:31Z",
"published": "2026-05-18T13:37:33.587383Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PO27799.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2025-59250, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-cm33-6792-r9fm, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.5.0-r2, 26.5.6-r3, 26.5.7-r0",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"CVE-2025-59250",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-38f8-5428-x5cv",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-45q3-82m4-75jr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-57rv-r2g8-2cj3",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cbdj-484d-3x9q",
"ghsa-cm33-6792-r9fm",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-rc95-pcm8-65v9",
"ghsa-rwm7-x88c-3g2p",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
cleanstart-2026-ta42758
Vulnerability from cleanstart
Published
2026-04-01 10:02
Modified
2026-03-10 06:08
Summary
Security fixes for ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-9342-92gg-6v29, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v applied in versions: 26.1.4-r1
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.4-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-TA42758",
"modified": "2026-03-10T06:08:44Z",
"published": "2026-04-01T10:02:43.642968Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-TA42758.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-9342-92gg-6v29, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v applied in versions: 26.1.4-r1",
"upstream": [
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-9342-92gg-6v29",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v"
]
}
cleanstart-2026-vj37814
Vulnerability from cleanstart
Published
2026-05-18 13:37
Modified
2026-05-07 10:32
Summary
Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.11-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ37814",
"modified": "2026-05-07T10:32:20Z",
"published": "2026-05-18T13:37:33.552809Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ37814.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cphf-4846-3xx9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2",
"upstream": [
"CVE-2025-59250",
"CVE-2026-1002",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-39852",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-38f8-5428-x5cv",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-45q3-82m4-75jr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-57rv-r2g8-2cj3",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cm33-6792-r9fm",
"ghsa-cphf-4846-3xx9",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-rc95-pcm8-65v9",
"ghsa-rwm7-x88c-3g2p",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
CVE-2025-7962 (GCVE-0-2025-7962)
Vulnerability from cvelistv5 – Published: 2025-07-21 17:22 – Updated: 2025-11-04 21:14
VLAI
EPSS
Summary
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Severity
CWE
- CWE-147 - Improper Neutralization of Input Terminators
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Jakarta Mail |
Unaffected:
1.6.8
Unaffected: 2.0.2 |
Credits
1ue
blu3r
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:41:32.809192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:41:53.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:59.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/03/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jakarta Mail",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "unaffected",
"version": "1.6.8"
},
{
"status": "unaffected",
"version": "2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1ue"
},
{
"lang": "en",
"type": "reporter",
"value": "blu3r"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the\u0026nbsp;\\r and \\n UTF-8 characters to separate different messages."
}
],
"value": "In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the\u00a0\\r and \\n UTF-8 characters to separate different messages."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-147",
"description": "CWE-147 Improper Neutralization of Input Terminators",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T10:18:46.544Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/67"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-7962",
"datePublished": "2025-07-21T17:22:12.520Z",
"dateReserved": "2025-07-21T17:10:58.094Z",
"dateUpdated": "2025-11-04T21:14:59.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…