{ "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi", "issues" : [ { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "angus-mail-2.0.3.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/var/govway/batch/generatoreStatistiche/lib/angus-mail-2.0.3.jar", "fingerprint" : "FALLBACK-20730357", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "angus-mail-2.0.3.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "jakarta.mail-2.0.3.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/var/govway/batch/generatoreStatistiche/lib/jakarta.mail-2.0.3.jar", "fingerprint" : "FALLBACK-368d5faa", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "jakarta.mail-2.0.3.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "tomcat-coyote.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/lib/tomcat-coyote.jar", "fingerprint" : "FALLBACK-1c10cee4", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48989: LanguageSpecificPackageVulnerability\u000a\u000atomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48989**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.tomcat:tomcat-coyote|11.0.10, 10.1.44, 9.0.108|[CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)|\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\u000a\u000aThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\u000a\u000aUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.\u000a\u000aPackage: org.apache.tomcat:tomcat-coyote\u000aInstalled Version: 11.0.9\u000aVulnerability CVE-2025-48989\u000aSeverity: HIGH\u000aFixed Version: 11.0.10, 10.1.44, 9.0.108\u000aLink: [CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "HIGH", "toString" : "tomcat-coyote.jar(1,0): CVE-2025-48989: : CVE-2025-48989: LanguageSpecificPackageVulnerability\u000a\u000atomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48989**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.tomcat:tomcat-coyote|11.0.10, 10.1.44, 9.0.108|[CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)|\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\u000a\u000aThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\u000a\u000aUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.\u000a\u000aPackage: org.apache.tomcat:tomcat-coyote\u000aInstalled Version: 11.0.9\u000aVulnerability CVE-2025-48989\u000aSeverity: HIGH\u000aFixed Version: 11.0.10, 10.1.44, 9.0.108\u000aLink: [CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)", "type" : "CVE-2025-48989" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "angus-mail-2.0.3.gw.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govway.war/WEB-INF/lib/angus-mail-2.0.3.gw.jar", "fingerprint" : "FALLBACK-b3af6add", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "angus-mail-2.0.3.gw.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "jakarta.mail-2.0.3.gw.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govway.war/WEB-INF/lib/jakarta.mail-2.0.3.gw.jar", "fingerprint" : "FALLBACK-d94d49aa", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "jakarta.mail-2.0.3.gw.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "angus-mail-2.0.3.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayConsole.war/WEB-INF/lib/angus-mail-2.0.3.jar", "fingerprint" : "FALLBACK-20730357", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "angus-mail-2.0.3.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "jakarta.mail-2.0.3.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayConsole.war/WEB-INF/lib/jakarta.mail-2.0.3.jar", "fingerprint" : "FALLBACK-368d5faa", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1316", "severity" : "NORMAL", "toString" : "jakarta.mail-2.0.3.jar(1,0): CVE-2025-7962: : CVE-2025-7962: LanguageSpecificPackageVulnerability\u000a\u000acom.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-7962**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.eclipse.angus:smtp|2.0.4|[CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)|\u000a\u000aIn Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.\u000a\u000aPackage: org.eclipse.angus:smtp\u000aInstalled Version: 2.0.3\u000aVulnerability CVE-2025-7962\u000aSeverity: MEDIUM\u000aFixed Version: 2.0.4\u000aLink: [CVE-2025-7962](https://avd.aquasec.com/nvd/cve-2025-7962)", "type" : "CVE-2025-7962" } ], "size" : 7, "toString" : "7 warnings (high: 1, normal: 6)" }