In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing theĀ \r and \n UTF-8 characters to separate different messages.
2025-07-21T18:15:28.820
2025-11-13T18:36:55.173
Analyzed
CVSSv3.1: 7.5 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eclipse | jakarta_mail | < 1.6.8 | Yes |
| Application | eclipse | jakarta_mail | < 2.0.2 | Yes |
| Application | eclipse | angus_mail | < 2.0.4 | Yes |