📦 James

Apache James email servers prior to versions 3.7.5 and 3.8.0 have a pre-authentication deserialization vulnerability in their JMX endpoint. Attackers with local access can exploit this to execute arbi...

CVE-2021-40525 is a path traversal vulnerability in Apache James ManagedSieve implementation that allows attackers to read and write arbitrary files on the server. This affects Apache James email serv...

This SMTP smuggling vulnerability in Apache James allows attackers to manipulate email line delimiters to forge SMTP envelopes, potentially bypassing SPF authentication checks. It affects Apache James...