SMTP Header Injection
Description
The application is vulnerable to SMTP header injection because it does not neutralize newline characters (CR/LF) in values passed to `MimeMessage` methods. This could allow an adversary to inject additional headers, potentially causing email messages to be sent to unintended recipients.
Examples
Insecure Code
```java
// User-controlled input reaches the header verbatim; a CR/LF inside it starts a new header line.
message.setSubject(userInput);
```
Secure Code
```java
import org.apache.commons.text.StringEscapeUtils;

// escapeJava() rewrites CR and LF as the literal text \r and \n, so no new header line can begin.
message.setSubject(StringEscapeUtils.escapeJava(userInput));
```
Remediation
Use a library such as Apache Commons Text to escape or encode `\r\n` character sequences in user input before passing it to `MimeMessage` methods.
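The following is an added example, not code from the rule page: it shows both ways of keeping a user-supplied value on a single header line, rejecting it outright or escaping it as the rule suggests, against a constructed subject that carries an injected header. It assumes Jakarta Mail 1.x (`javax.mail`) and Apache Commons Text are on the classpath; the class and method names are hypothetical.

```java
import java.util.Properties;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import org.apache.commons.text.StringEscapeUtils;

public final class SafeHeaders {
    private SafeHeaders() {}

    /** True if the value contains CR or LF, i.e. could terminate the header line it is placed in. */
    public static boolean containsLineBreak(String value) {
        return value != null && (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0);
    }

    /** Strict option: refuse the value instead of silently rewriting it. */
    public static String requireSingleLine(String fieldName, String value) {
        if (containsLineBreak(value)) {
            throw new IllegalArgumentException(fieldName + " must not contain CR or LF");
        }
        return value;
    }

    /** Escaping option from the rule. Note that escapeJava() also rewrites non-ASCII
     *  characters as \\uXXXX sequences, so it visibly alters international subjects. */
    public static String escapeForHeader(String value) {
        return StringEscapeUtils.escapeJava(value);
    }

    public static void main(String[] args) throws MessagingException {
        // Constructed input: a subject with a CRLF followed by an extra header line.
        String userInput = "Order confirmation\r\nBcc: hidden-recipient@example.invalid";
        MimeMessage message = new MimeMessage(Session.getInstance(new Properties()));

        System.out.println("contains CR/LF: " + containsLineBreak(userInput));

        // Escaped form: the CRLF is now the two-character text "\r\n" inside the subject.
        message.setSubject(escapeForHeader(userInput));
        System.out.println("escaped subject: " + message.getSubject());

        // Strict form: the request is rejected before any header is written.
        try {
            message.setSubject(requireSingleLine("Subject", userInput));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same check applies to every header-setting call that takes user input (recipient names, display names, custom headers), not only `setSubject`.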
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0722 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-77 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | SMTP, email, header injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |