VulnerableCode Package Details - pkg:gem/mail@1.2.8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/mail@1.2.8

Essentials
History (5)

purl	pkg:gem/mail@1.2.8

Next non-vulnerable version	2.5.5.rc1
Latest non-vulnerable version	2.7.0.rc1
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-64ws-nakp-3fhz Aliases: CVE-2011-0739 GHSA-cpjc-p7fc-j9xh OSV-70667	Mail Improper Input Validation vulnerability The deliver function in the sendmail delivery agent (`lib/mail/network/delivery_methods/sendmail.rb`) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.	2.2.15 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-66dq-g2ab-5qbz Aliases: CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677	Mail Gem CRLF Injection vulnerability The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.	2.5.5.rc1 Affected by 0 other vulnerabilities. 2.5.5 Affected by 0 other vulnerabilities. 2.6.6.rc1 Affected by 0 other vulnerabilities. 2.7.0.rc1 Affected by 0 other vulnerabilities.
VCID-8axt-ka9d-y3d2 Aliases: CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632	Mail Gem Improper Input Validation vulnerability The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.	2.4.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rfun-f86c-ayfd Aliases: CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631	Mail Gem Path Traversal vulnerability Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.	2.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T03:43:10.349349+00:00	GitLab Importer	Affected by	VCID-66dq-g2ab-5qbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2015-9097.yml	38.6.0
2026-05-30T03:33:59.702239+00:00	GitLab Importer	Affected by	VCID-64ws-nakp-3fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2011-0739.yml	38.6.0
2026-05-29T23:54:26.061862+00:00	Ruby Importer	Affected by	VCID-rfun-f86c-ayfd	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2139.yml	38.6.0
2026-05-29T23:54:25.752349+00:00	Ruby Importer	Affected by	VCID-8axt-ka9d-y3d2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2140.yml	38.6.0
2026-05-29T23:54:17.936383+00:00	Ruby Importer	Affected by	VCID-64ws-nakp-3fhz	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml	38.6.0