VulnerableCode Package Details - pkg:gem/mail@1.3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/mail@1.3.1

Essentials
History (5)

purl	pkg:gem/mail@1.3.1

Next non-vulnerable version	2.5.5.rc1
Latest non-vulnerable version	2.7.0.rc1
Risk	3.1

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-f4sz-rqp7-6ydb Aliases: CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632	Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.	2.4.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gskv-mehm-gydz Aliases: CVE-2011-0739 GHSA-cpjc-p7fc-j9xh OSV-70667	Improper Input Validation The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.	2.2.15 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pgqp-64zv-8fc3 Aliases: CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677	SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.	2.5.5.rc1 Affected by 0 other vulnerabilities. 2.5.5 Affected by 0 other vulnerabilities. 2.6.6.rc1 Affected by 0 other vulnerabilities. 2.7.0.rc1 Affected by 0 other vulnerabilities.
VCID-q6zt-ft1w-8ka1 Aliases: CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.	2.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T10:15:04.430080+00:00	Ruby Importer	Affected by	VCID-q6zt-ft1w-8ka1	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2139.yml	38.6.0
2026-05-31T10:15:04.262695+00:00	Ruby Importer	Affected by	VCID-f4sz-rqp7-6ydb	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2140.yml	38.6.0
2026-05-31T10:15:01.630297+00:00	Ruby Importer	Affected by	VCID-gskv-mehm-gydz	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml	38.6.0
2026-05-31T09:38:45.491940+00:00	GitLab Importer	Affected by	VCID-pgqp-64zv-8fc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2015-9097.yml	38.6.0
2026-05-31T09:31:01.740461+00:00	GitLab Importer	Affected by	VCID-gskv-mehm-gydz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2011-0739.yml	38.6.0