
bugs #15007 (mailextractlib): fix apache poi dependencies #87

Merged
Regzox merged 1 commit into master from bugs_15007 on Sep 11, 2025

@Regzox (Contributor) commented Sep 8, 2025

No description provided.

@Regzox self-assigned this Sep 8, 2025
@Regzox added the bug and enhancement labels Sep 8, 2025
@vitam-prg commented Sep 8, 2025

Checkmarx One – Scan Summary & Details f36dd526-7e30-4cc6-bd6d-cc052c0a3d08

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2025-54988 Maven-org.apache.tika:tika-core-3.1.0
Recommended version: 3.2.2
Description: Critical XXE (XML External Entity Injection) vulnerability in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through 3.2.1 on all platfor...
Attack Vector: LOCAL
Attack Complexity: LOW

ID: J3rQiB5zsTatP5%2BCrgcYoogW7BDbkGTQqTVPTvMcIwc%3D
Vulnerable Package
MEDIUM CVE-2025-48924 Maven-commons-lang:commons-lang-2.6
Recommended version: 2.7-atlassian-1
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: DyGmcMgDyoZ3SLiqlCVl%2F02eZhHVaA9vlOYeO9rrGpQ%3D
Vulnerable Package
MEDIUM CVE-2025-48924 Maven-org.apache.commons:commons-lang3-3.14.0
Recommended version: 3.16.0.redhat-00002
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: ia5Anf58ohH5AaaXlFdLAQQMsOuZPskQGSUVgtWoIS0%3D
Vulnerable Package
MEDIUM CVE-2025-48924 Maven-org.apache.commons:commons-lang3-3.17.0
Recommended version: 3.18.0
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: uVmEU6CazWpHLYNXrsS%2B76iVRnSqkeDcHqfdAlNgp0w%3D
Vulnerable Package
MEDIUM CVE-2025-7962 Maven-org.eclipse.angus:angus-mail-2.0.3
Recommended version: 2.0.4
Description: In Jakarta Mail through 2.0.3 it is possible to perform a SMTP Injection by utilizing the "\r" and "\n" UTF-8 characters to separate different messa...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: j3f0F6%2F2V9Zu%2FH%2Bhsb7HgtBKKW5d6yChSI%2B%2FXHcwpsM%3D
Vulnerable Package
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM Unchecked_Input_for_Loop_Condition /resip/src/main/java/fr/gouv/vitam/tools/resip/frame/XmlEditDialog.java: 433

@Regzox force-pushed the bugs_15007 branch 3 times, most recently from 507f8b8 to 895ce79, September 10, 2025 11:45
@Regzox changed the title from "bugs #15007: fix .eml data extraction" to "bugs #15007 (mailextractlib): fix apache poi dependencies" Sep 10, 2025
@Regzox merged commit abef577 into master Sep 11, 2025
2 checks passed
@Regzox deleted the bugs_15007 branch September 11, 2025 15:57