VulnerableCode Package Details - pkg:deb/debian/ruby-mail@2.7.1%2Bdfsg1-1.1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1svp-fwt6-pbey	SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.	CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677
VCID-3xkv-ckqz-r3dx	Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.	CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632
VCID-z8cv-3uer-pqbm	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.	CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631

Vulnerability

Summary

Aliases

VCID-1svp-fwt6-pbey

SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.

CVE-2015-9097
GHSA-q86f-fmqf-qrf6
OSV-131677

VCID-3xkv-ckqz-r3dx

Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

CVE-2012-2140
GHSA-rp63-jfmw-532w
OSV-81632

VCID-z8cv-3uer-pqbm

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

CVE-2012-2139
GHSA-cj92-c4fj-w9c5
OSV-81631

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:57:56.932994+00:00	Debian Importer	Fixing	VCID-z8cv-3uer-pqbm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:54:57.057912+00:00	Debian Importer	Fixing	VCID-3xkv-ckqz-r3dx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:59.152569+00:00	Debian Importer	Fixing	VCID-1svp-fwt6-pbey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:10:10.036830+00:00	Debian Importer	Fixing	VCID-z8cv-3uer-pqbm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:08:00.359917+00:00	Debian Importer	Fixing	VCID-3xkv-ckqz-r3dx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:24.429665+00:00	Debian Importer	Fixing	VCID-1svp-fwt6-pbey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:17.407099+00:00	Debian Importer	Fixing	VCID-1svp-fwt6-pbey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:17.364866+00:00	Debian Importer	Fixing	VCID-3xkv-ckqz-r3dx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:17.320287+00:00	Debian Importer	Fixing	VCID-z8cv-3uer-pqbm	https://security-tracker.debian.org/tracker/data/json	38.1.0