Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/mail@2.2.5

Type gem

Namespace

Name mail

Version 2.2.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.5.rc1

Latest_non_vulnerable_version 2.7.0.rc1

Affected_by_vulnerabilities

url VCID-f4sz-rqp7-6ydb

vulnerability_id VCID-f4sz-rqp7-6ydb

summary

Improper Input Validation
The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2140

reference_id

reference_type

scores

value	0.03667
scoring_system	epss
scoring_elements	0.88093
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2140

reference_url

https://bugzilla.novell.com/show_bug.cgi?id=759092

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.novell.com/show_bug.cgi?id=759092

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=816352

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=816352

reference_url	http://secunia.com/advisories/48970
reference_id
reference_type
scores
url	http://secunia.com/advisories/48970

reference_url

https://github.com/mikel/mail

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail

reference_url

https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc

reference_url

https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0

reference_url

https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2

reference_url

http://www.openwall.com/lists/oss-security/2012/04/25/8

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/04/25/8

reference_url

http://www.openwall.com/lists/oss-security/2012/04/26/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/04/26/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2140

reference_id

CVE-2012-2140

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2140

reference_url

https://github.com/advisories/GHSA-rp63-jfmw-532w

reference_id

GHSA-rp63-jfmw-532w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rp63-jfmw-532w

fixed_packages

url pkg:gem/mail@2.4.3

purl pkg:gem/mail@2.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f4sz-rqp7-6ydb

vulnerability	VCID-pgqp-64zv-8fc3

vulnerability	VCID-q6zt-ft1w-8ka1

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.4.3

aliases CVE-2012-2140, GHSA-rp63-jfmw-532w, OSV-81632

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4sz-rqp7-6ydb

url VCID-gskv-mehm-gydz

vulnerability_id VCID-gskv-mehm-gydz

summary

Improper Input Validation
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

references

reference_url

http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0739

reference_id

reference_type

scores

value	0.00749
scoring_system	epss
scoring_elements	0.73421
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0739

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/65010

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/65010

reference_url

https://github.com/mikel/mail

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail

reference_url

https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

reference_url

https://web.archive.org/web/20200228225346/http://www.securityfocus.com/bid/46021

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228225346/http://www.securityfocus.com/bid/46021

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0739

reference_id

CVE-2011-0739

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0739

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml

reference_id

CVE-2011-0739.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml

reference_url

https://github.com/advisories/GHSA-cpjc-p7fc-j9xh

reference_id

GHSA-cpjc-p7fc-j9xh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cpjc-p7fc-j9xh

fixed_packages

url pkg:gem/mail@2.2.15

purl pkg:gem/mail@2.2.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f4sz-rqp7-6ydb

vulnerability	VCID-pgqp-64zv-8fc3

vulnerability	VCID-q6zt-ft1w-8ka1

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.2.15

aliases CVE-2011-0739, GHSA-cpjc-p7fc-j9xh, OSV-70667

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gskv-mehm-gydz

url VCID-pgqp-64zv-8fc3

vulnerability_id VCID-pgqp-64zv-8fc3

summary

SMTP Injection via to/from addresses
The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.

references

reference_url

http://openwall.com/lists/oss-security/2015/12/11/3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/12/11/3

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-9097

reference_id

reference_type

scores

value	0.01021
scoring_system	epss
scoring_elements	0.77536
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-9097

reference_url

https://github.com/mikel/mail

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail

reference_url

https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83

reference_url

https://github.com/mikel/mail/pull/1097

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mikel/mail/pull/1097

reference_url

https://github.com/rubysec/ruby-advisory-db/issues/215

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/issues/215

reference_url

https://hackerone.com/reports/137631

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/137631

reference_url

https://rubysec.com/advisories/mail-OSVDB-131677

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubysec.com/advisories/mail-OSVDB-131677

reference_url

http://www.mbsd.jp/Whitepaper/smtpi.pdf

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.mbsd.jp/Whitepaper/smtpi.pdf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-9097

reference_id

CVE-2015-9097

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-9097

reference_url

https://github.com/advisories/GHSA-q86f-fmqf-qrf6

reference_id

GHSA-q86f-fmqf-qrf6

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q86f-fmqf-qrf6

fixed_packages

url	pkg:gem/mail@2.5.5.rc1
purl	pkg:gem/mail@2.5.5.rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.5.5.rc1

url	pkg:gem/mail@2.5.5
purl	pkg:gem/mail@2.5.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.5.5

url	pkg:gem/mail@2.6.6.rc1
purl	pkg:gem/mail@2.6.6.rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.6.6.rc1

url	pkg:gem/mail@2.7.0.rc1
purl	pkg:gem/mail@2.7.0.rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/mail@2.7.0.rc1

aliases CVE-2015-9097, GHSA-q86f-fmqf-qrf6, OSV-131677

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgqp-64zv-8fc3

url VCID-q6zt-ft1w-8ka1

vulnerability_id VCID-q6zt-ft1w-8ka1

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html

reference_id

reference_type

scores