imapflow is vulnerable to STARTTLS Response Injection
65
Medium Risk
ImapFlow upgrades plaintext IMAP connections to TLS with the STARTTLS command, but before the fix it does not verify that the server stayed silent between the tagged STARTTLS OK and the TLS handshake. A man-in-the-middle can inject plaintext IMAP data right after the OK, and those buffered bytes are then processed as if they had arrived inside the established TLS session. This lets an attacker smuggle forged, trusted server responses into an otherwise encrypted session. The fix detects trailing data through a per-command parser flag and a post-unpipe socket read, failing closed with a STARTTLS_INJECTION error before wrapping the socket.
You are affected if you are using a version that falls within the vulnerable range and connect to IMAP servers over plaintext with a STARTTLS upgrade instead of implicit TLS.
imapflow is vulnerable to STARTTLS Response Injection in versions 1.0.0 - 1.3.5.
Upgrade the imapflow library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant