{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"apache-mime4j security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP1.",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Java stream based MIME message parser.\n\nSecurity Fix(es):\n\nImproper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n(CVE-2024-21742)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"apache-mime4j",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2024-1476",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1476"
			},
			{
				"summary":"CVE-2024-21742",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2024-21742&packageName=apache-mime4j"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21742"
			},
			{
				"summary":"openEuler-SA-2024-1476 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1476.json"
			}
		],
		"title":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2024-04-19T09:16:03+08:00",
			"revision_history":[
				{
					"date":"2024-04-19T09:16:03+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T09:16:03+08:00",
					"summary":"final",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T09:16:03+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T09:16:03+08:00",
			"id":"openEuler-SA-2024-1476",
			"version":"2.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"openEuler-22.03-LTS-SP1",
									"name":"openEuler-22.03-LTS-SP1"
								},
								"name":"openEuler-22.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch.rpm",
									"name":"apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch.rpm"
								},
								"name":"apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"apache-mime4j-0.8.3-2.oe2203sp1.noarch.rpm",
									"name":"apache-mime4j-0.8.3-2.oe2203sp1.noarch.rpm"
								},
								"name":"apache-mime4j-0.8.3-2.oe2203sp1.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"apache-mime4j-0.8.3-2.oe2203sp1.src.rpm",
									"name":"apache-mime4j-0.8.3-2.oe2203sp1.src.rpm"
								},
								"name":"apache-mime4j-0.8.3-2.oe2203sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch",
					"name":"apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"apache-mime4j-0.8.3-2.oe2203sp1.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.noarch",
					"name":"apache-mime4j-0.8.3-2.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"apache-mime4j-0.8.3-2.oe2203sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.src",
					"name":"apache-mime4j-0.8.3-2.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2024-21742",
			"notes":[
				{
					"text":"Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP1:apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch",
					"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.noarch",
					"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP1:apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.src"
					],
					"details":"apache-mime4j security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1476"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.6,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP1:apache-mime4j-javadoc-0.8.3-2.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:apache-mime4j-0.8.3-2.oe2203sp1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2024-21742"
		}
	]
}