Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/net-imap@0.4.24
purl pkg:gem/net-imap@0.4.24
Next non-vulnerable version 0.5.15
Latest non-vulnerable version 0.6.4.1
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-52j7-95w6-k7hs
Aliases:
CVE-2026-42256
GHSA-87pf-fpwv-p7m7
0.5.14
Affected by 8 other vulnerabilities.
0.6.4
Affected by 8 other vulnerabilities.
VCID-5ysp-qzcr-6bhv
Aliases:
CVE-2026-42245
GHSA-q2mw-fvj9-vvcw
0.5.14
Affected by 8 other vulnerabilities.
0.6.4
Affected by 8 other vulnerabilities.
VCID-hh1r-d7ku-s7gj
Aliases:
CVE-2026-42258
GHSA-75xq-5h9v-w6px
0.5.14
Affected by 8 other vulnerabilities.
0.6.4
Affected by 8 other vulnerabilities.
VCID-jv8h-fa83-9uc6
Aliases:
CVE-2026-42257
GHSA-hm49-wcqc-g2xg
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
0.5.14
Affected by 8 other vulnerabilities.
0.6.4
Affected by 8 other vulnerabilities.
VCID-qts7-776s-duc8
Aliases:
CVE-2026-42246
GHSA-vcgp-9326-pqcp
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.
0.5.14
Affected by 8 other vulnerabilities.
0.6.4
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-52j7-95w6-k7hs CVE-2026-42256
GHSA-87pf-fpwv-p7m7
VCID-5ysp-qzcr-6bhv CVE-2026-42245
GHSA-q2mw-fvj9-vvcw
VCID-hh1r-d7ku-s7gj CVE-2026-42258
GHSA-75xq-5h9v-w6px
VCID-jv8h-fa83-9uc6 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. CVE-2026-42257
GHSA-hm49-wcqc-g2xg
VCID-qts7-776s-duc8 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4. CVE-2026-42246
GHSA-vcgp-9326-pqcp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T09:28:59.817771+00:00 Ruby Importer Affected by VCID-5ysp-qzcr-6bhv https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml 38.6.0
2026-06-13T09:28:59.615918+00:00 Ruby Importer Fixing VCID-5ysp-qzcr-6bhv https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml 38.6.0
2026-06-13T09:28:59.162895+00:00 Ruby Importer Affected by VCID-hh1r-d7ku-s7gj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml 38.6.0
2026-06-13T09:28:58.956487+00:00 Ruby Importer Fixing VCID-hh1r-d7ku-s7gj https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml 38.6.0
2026-06-13T09:28:58.301273+00:00 Ruby Importer Fixing VCID-qts7-776s-duc8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml 38.6.0
2026-06-13T09:28:58.081471+00:00 Ruby Importer Affected by VCID-qts7-776s-duc8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml 38.6.0
2026-06-13T09:28:57.475465+00:00 Ruby Importer Affected by VCID-52j7-95w6-k7hs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml 38.6.0
2026-06-13T09:28:57.257539+00:00 Ruby Importer Fixing VCID-52j7-95w6-k7hs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml 38.6.0
2026-06-13T09:28:56.792838+00:00 Ruby Importer Affected by VCID-jv8h-fa83-9uc6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42257.yml 38.6.0
2026-06-13T09:28:56.576046+00:00 Ruby Importer Fixing VCID-jv8h-fa83-9uc6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42257.yml 38.6.0
2026-06-13T06:29:49.944527+00:00 GHSA Importer Fixing VCID-jv8h-fa83-9uc6 https://github.com/advisories/GHSA-hm49-wcqc-g2xg 38.6.0
2026-06-13T06:29:49.900423+00:00 GHSA Importer Fixing VCID-hh1r-d7ku-s7gj https://github.com/advisories/GHSA-75xq-5h9v-w6px 38.6.0
2026-06-13T06:29:49.736043+00:00 GHSA Importer Fixing VCID-52j7-95w6-k7hs https://github.com/advisories/GHSA-87pf-fpwv-p7m7 38.6.0
2026-06-13T06:29:49.569924+00:00 GHSA Importer Fixing VCID-5ysp-qzcr-6bhv https://github.com/advisories/GHSA-q2mw-fvj9-vvcw 38.6.0
2026-06-13T06:29:49.474258+00:00 GHSA Importer Fixing VCID-qts7-776s-duc8 https://github.com/advisories/GHSA-vcgp-9326-pqcp 38.6.0
2026-06-12T22:20:01.992294+00:00 GitLab Importer Fixing VCID-jv8h-fa83-9uc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/net-imap/CVE-2026-42257.yml 38.6.0
2026-06-12T22:19:57.628145+00:00 GitLab Importer Fixing VCID-qts7-776s-duc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/net-imap/CVE-2026-42246.yml 38.6.0
2026-06-12T22:19:57.163292+00:00 GitLab Importer Fixing VCID-hh1r-d7ku-s7gj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/net-imap/CVE-2026-42258.yml 38.6.0
2026-06-12T22:19:16.025903+00:00 GitLab Importer Fixing VCID-52j7-95w6-k7hs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/net-imap/CVE-2026-42256.yml 38.6.0
2026-06-12T22:19:08.955142+00:00 GitLab Importer Fixing VCID-5ysp-qzcr-6bhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/net-imap/CVE-2026-42245.yml 38.6.0
2026-06-12T07:52:02.682494+00:00 GithubOSV Importer Fixing VCID-jv8h-fa83-9uc6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-hm49-wcqc-g2xg/GHSA-hm49-wcqc-g2xg.json 38.6.0
2026-06-12T07:51:56.632223+00:00 GithubOSV Importer Fixing VCID-hh1r-d7ku-s7gj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-75xq-5h9v-w6px/GHSA-75xq-5h9v-w6px.json 38.6.0
2026-06-12T07:51:51.623492+00:00 GithubOSV Importer Fixing VCID-qts7-776s-duc8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-vcgp-9326-pqcp/GHSA-vcgp-9326-pqcp.json 38.6.0
2026-06-12T07:51:47.460090+00:00 GithubOSV Importer Fixing VCID-52j7-95w6-k7hs https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-87pf-fpwv-p7m7/GHSA-87pf-fpwv-p7m7.json 38.6.0
2026-06-12T07:51:34.762307+00:00 GithubOSV Importer Fixing VCID-5ysp-qzcr-6bhv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-q2mw-fvj9-vvcw/GHSA-q2mw-fvj9-vvcw.json 38.6.0