Search for packages
| purl | pkg:gem/mail@2.2.5.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1svp-fwt6-pbey
Aliases: CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677 |
SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3xkv-ckqz-r3dx
Aliases: CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632 |
Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. |
Affected by 3 other vulnerabilities. |
|
VCID-m9tp-apd1-z7c6
Aliases: CVE-2011-0739 GHSA-cpjc-p7fc-j9xh OSV-70667 |
Improper Input Validation The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. |
Affected by 3 other vulnerabilities. |
|
VCID-z8cv-3uer-pqbm
Aliases: CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||