{"url":"http://public2.vulnerablecode.io/api/packages/384475?format=json","purl":"pkg:gem/net-imap@0.4.10","type":"gem","namespace":"","name":"net-imap","version":"0.4.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5092?format=json","vulnerability_id":"VCID-dsp2-st7q-k7c8","summary":"net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42257","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03853","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42257"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974"},{"reference_url":"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f"},{"reference_url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b"},{"reference_url":"https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048"},{"reference_url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42257","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42257"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823","reference_id":"1136823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468494","reference_id":"2468494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468494"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59449?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59448?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59447?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42257","GHSA-hm49-wcqc-g2xg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsp2-st7q-k7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25924?format=json","vulnerability_id":"VCID-hvmc-xq6r-v3gq","summary":"net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25186.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25186","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33667","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25186"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35"},{"reference_url":"https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3"},{"reference_url":"https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:13:53Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-25186.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-25186.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25186","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25186"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/AppendUIDData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/AppendUIDData.html"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/CopyUIDData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/CopyUIDData.html"},{"reference_url":"https://ruby.github.io/net-imap/Net/IMAP/UIDPlusData.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ruby.github.io/net-imap/Net/IMAP/UIDPlusData.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103791","reference_id":"1103791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103791"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344680","reference_id":"2344680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344680"},{"reference_url":"https://github.com/advisories/GHSA-7fc5-f82f-cx69","reference_id":"GHSA-7fc5-f82f-cx69","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7fc5-f82f-cx69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10217","reference_id":"RHSA-2025:10217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4493","reference_id":"RHSA-2025:4493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8131","reference_id":"RHSA-2025:8131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8131"},{"reference_url":"https://usn.ubuntu.com/7418-1/","reference_id":"USN-7418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63888?format=json","purl":"pkg:gem/net-imap@0.4.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"},{"vulnerability":"VCID-wk39-mg7d-yfen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.19"},{"url":"http://public2.vulnerablecode.io/api/packages/63889?format=json","purl":"pkg:gem/net-imap@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"},{"vulnerability":"VCID-wk39-mg7d-yfen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.6"}],"aliases":["CVE-2025-25186","GHSA-7fc5-f82f-cx69"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvmc-xq6r-v3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5093?format=json","vulnerability_id":"VCID-tqjm-hc7a-zfg6","summary":"ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42256.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42256","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14578","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"},{"reference_url":"https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"},{"reference_url":"https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:04:26Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42256.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42256","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42256"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc7804.html#page-15","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rfc-editor.org/rfc/rfc7804.html#page-15"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823","reference_id":"1136823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468500","reference_id":"2468500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468500"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59449?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59448?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59447?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42256","GHSA-87pf-fpwv-p7m7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqjm-hc7a-zfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5094?format=json","vulnerability_id":"VCID-u5hu-8ycs-hffz","summary":"ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42245.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42245.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42245","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2478","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42245"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42245","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42245"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"},{"reference_url":"https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"},{"reference_url":"https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T17:53:55Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42245.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42245","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42245"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823","reference_id":"1136823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468495","reference_id":"2468495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468495"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59449?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59448?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59447?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42245","GHSA-q2mw-fvj9-vvcw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5hu-8ycs-hffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25901?format=json","vulnerability_id":"VCID-ub56-x84j-qyee","summary":"net-imap vulnerable to command Injection via unvalidated Symbol inputs\n### Summary\n\nSymbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands.\n\n### Details\n\nSymbol arguments represent IMAP \"system flags\", which are formatted as \"atoms\" (with no quoting) with a `\"\\\"` prefix.  Vulnerable versions of Net::IMAP sends the symbol name directly to the socket, with no validation.\n\nBecause the Symbol input is unvalidated, it could contain invalid `flag` characters, including `SP` and `CRLF`, which could be used to finish the current command and inject new commands.\n\nAlthough IMAP `flag` arguments are only valid input for a few IMAP commands, most Net::IMAP commands use generic argument handling, and will allow Symbol (`flag`) inputs.\n\nNote also that the list of valid symbol inputs should be restricted to an enumerated set of standard RFC defined flag types, which have each been given specific defined semantics.  Any user-provided values outside of that list of standard \"system flags\" needs to use the IMAP `keyword` syntax, which are sent as atoms, i.e: string inputs. Under no circumstances should `#to_sym` ever be called on unvetted user-provided input: that will always be a bug in the calling code for the simple reason that `user_input_atom` is  as `\\user_input_atom`.\n\nFor forward compatibility with future IMAP extentions, Net::IMAP, does not restrict flag inputs to an enumerated list.  That is the responsibility of the calling application code, which knows which flag semantics are valid for its context.\n\n### Impact\n\nIf a developer passes user-controlled input as a Symbol to most Net::IMAP commands, an attacker can append CRLF sequence followed by a new IMAP command (like `DELETE mailbox`).\n\n### Mitigation\n* Upgrade to a version of Net::IMAP that validates Symbols are valid as an IMAP `flag`.\n* User-provided input should never be able to control calling `#to_sym` on string arguments.\n\n  For example, do not unsafely serialize and deserialize command arguments (e.g. with YAML or Marshal) in a way that could create unvetted Symbol arguments.\n* For the few IMAP commands which do allow `flag` arguments, it may be appropriate to hard-code Symbol arguments or restrict them to an enumerated list which is valid for the calling application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42258","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25852","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42258"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b"},{"reference_url":"https://github.com/ruby/net-imap/commit/9db3e9d60bfb8f3735ea95015bf8a700f4af9cbb","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/9db3e9d60bfb8f3735ea95015bf8a700f4af9cbb"},{"reference_url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:57:16Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42258.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42258","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42258"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823","reference_id":"1136823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59449?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59448?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59447?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42258","GHSA-75xq-5h9v-w6px"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub56-x84j-qyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25655?format=json","vulnerability_id":"VCID-v51f-gsuz-6ubk","summary":"net-imap vulnerable to STARTTLS stripping via invalid response timing\n### Summary\n\nA man-in-the-middle attacker can cause `Net::IMAP#starttls` to return \"successfully\", without starting TLS.\n\n### Details\n\nWhen using `Net::IMAP#starttls` to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged `OK` response with an easily predictable tag.  By sending the response before the client finishes sending the command, the command completes \"successfully\" before the response handler is registered.  This allows `#starttls` to return without error, but the response handler is never invoked, the TLS connection is never established, and the socket remains unencrypted.\n\nThis allows man-in-the-middle attackers to perform a STARTTLS stripping attack, unless the client code explicitly checks `Net::IMAP#tls_verified?`.\n\n### Impact\n\nTLS bypass, leading to cleartext transmission of sensitive information.\n\n### Mitigation\n\n* Upgrade to a patched version of net-imap that raises an exception whenever `#starttls` does not establish TLS.\n* Connect to an implicit TLS port, rather than use `STARTTLS` with a cleartext port.\n  This is strongly recommended anyway:\n  * [RFC 8314](https://www.rfc-editor.org/info/rfc8314): Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access\n  * [NO STARTTLS](https://nostarttls.secvuln.info/): Why TLS is better without STARTTLS, A Security Analysis of STARTTLS in the Email Context\n* Explicitly verify `Net::IMAP#tls_verified?` is `true`, before using the connection after `#starttls`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42246","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03832","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42246"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42246","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42246"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"},{"reference_url":"https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"},{"reference_url":"https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"},{"reference_url":"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.3.10","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.3.10"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14"},{"reference_url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:29:05Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-42246.yml"},{"reference_url":"https://nostarttls.secvuln.info","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nostarttls.secvuln.info"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42246","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42246"},{"reference_url":"https://www.rfc-editor.org/info/rfc8314","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rfc-editor.org/info/rfc8314"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823","reference_id":"1136823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59449?format=json","purl":"pkg:gem/net-imap@0.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59448?format=json","purl":"pkg:gem/net-imap@0.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59447?format=json","purl":"pkg:gem/net-imap@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.6.4"}],"aliases":["CVE-2026-42246","GHSA-vcgp-9326-pqcp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v51f-gsuz-6ubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22824?format=json","vulnerability_id":"VCID-wk39-mg7d-yfen","summary":"net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43857","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67418","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43857"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/net-imap","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap"},{"reference_url":"https://github.com/ruby/net-imap/pull/442","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/442"},{"reference_url":"https://github.com/ruby/net-imap/pull/444","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/net-imap/pull/444"},{"reference_url":"https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462"},{"reference_url":"https://github.com/ruby/net-imap/pull/445","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/445"},{"reference_url":"https://github.com/ruby/net-imap/pull/446","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/446"},{"reference_url":"https://github.com/ruby/net-imap/pull/447","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/pull/447"},{"reference_url":"https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/"}],"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43857","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43857"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486","reference_id":"1104486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362749","reference_id":"2362749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362749"},{"reference_url":"https://github.com/advisories/GHSA-j3g3-5qv5-52mj","reference_id":"GHSA-j3g3-5qv5-52mj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j3g3-5qv5-52mj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61973?format=json","purl":"pkg:gem/net-imap@0.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"},{"vulnerability":"VCID-wk39-mg7d-yfen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/61972?format=json","purl":"pkg:gem/net-imap@0.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsp2-st7q-k7c8"},{"vulnerability":"VCID-tqjm-hc7a-zfg6"},{"vulnerability":"VCID-u5hu-8ycs-hffz"},{"vulnerability":"VCID-ub56-x84j-qyee"},{"vulnerability":"VCID-v51f-gsuz-6ubk"},{"vulnerability":"VCID-wk39-mg7d-yfen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7"}],"aliases":["CVE-2025-43857","GHSA-j3g3-5qv5-52mj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wk39-mg7d-yfen"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.10"}