Apache Commons Email 1.0 to 1.4.
When a call-site passes a subject for an email that contains
line-breaks, the caller can add arbitrary SMTP headers.
Users should upgrade to Commons Email 1.5.
You can mitigate this vulnerability for older versions of Commons
Email by stripping line-breaks from the subject before passing it to
the setSubject(String) method.
This issue was discovered by Adam Williams.