diff --git a/advisories/github-reviewed/2025/07/GHSA-9342-92gg-6v29/GHSA-9342-92gg-6v29.json b/advisories/github-reviewed/2025/07/GHSA-9342-92gg-6v29/GHSA-9342-92gg-6v29.json index c8b860b9f07ca..781416234d914 100644 --- a/advisories/github-reviewed/2025/07/GHSA-9342-92gg-6v29/GHSA-9342-92gg-6v29.json +++ b/advisories/github-reviewed/2025/07/GHSA-9342-92gg-6v29/GHSA-9342-92gg-6v29.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-9342-92gg-6v29", - "modified": "2026-04-16T18:47:48Z", + "modified": "2026-04-16T18:47:49Z", "published": "2025-07-21T18:32:19Z", "aliases": [ "CVE-2025-7962" @@ -9,10 +9,6 @@ "summary": "Jakarta Mail vulnerable to SMTP Injection", "details": "In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing theĀ \\r and \\n UTF-8 characters to separate different messages.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" - }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" @@ -75,6 +71,25 @@ ] } ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.sun.mail:jakarta.mail" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.7.payara-p1" + } + ] + } + ] } ], "references": [