VulnerableCode Package Details - pkg:gem/mail@2.2.15

Search for packages

Vulnerability	Summary	Fixed by
VCID-66dq-g2ab-5qbz Aliases: CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677	Mail Gem CRLF Injection vulnerability The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.	2.5.5.rc1 Affected by 0 other vulnerabilities. 2.5.5 Affected by 0 other vulnerabilities. 2.6.6.rc1 Affected by 0 other vulnerabilities. 2.7.0.rc1 Affected by 0 other vulnerabilities.
VCID-8axt-ka9d-y3d2 Aliases: CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632	Mail Gem Improper Input Validation vulnerability The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.	2.4.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rfun-f86c-ayfd Aliases: CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631	Mail Gem Path Traversal vulnerability Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.	2.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-66dq-g2ab-5qbz
Aliases:
CVE-2015-9097
GHSA-q86f-fmqf-qrf6
OSV-131677

Mail Gem CRLF Injection vulnerability The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

2.5.5.rc1
Affected by 0 other vulnerabilities.

2.5.5
Affected by 0 other vulnerabilities.

2.6.6.rc1
Affected by 0 other vulnerabilities.

2.7.0.rc1
Affected by 0 other vulnerabilities.

VCID-8axt-ka9d-y3d2
Aliases:
CVE-2012-2140
GHSA-rp63-jfmw-532w
OSV-81632

Mail Gem Improper Input Validation vulnerability The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

2.4.3
Affected by 3 other vulnerabilities.

VCID-rfun-f86c-ayfd
Aliases:
CVE-2012-2139
GHSA-cj92-c4fj-w9c5
OSV-81631

Mail Gem Path Traversal vulnerability Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.

2.4.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-64ws-nakp-3fhz	Mail Improper Input Validation vulnerability The deliver function in the sendmail delivery agent (`lib/mail/network/delivery_methods/sendmail.rb`) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.	CVE-2011-0739 GHSA-cpjc-p7fc-j9xh OSV-70667

Vulnerability

Summary

Aliases

VCID-64ws-nakp-3fhz

Mail Improper Input Validation vulnerability The deliver function in the sendmail delivery agent (`lib/mail/network/delivery_methods/sendmail.rb`) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

CVE-2011-0739
GHSA-cpjc-p7fc-j9xh
OSV-70667

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T03:43:10.548206+00:00	GitLab Importer	Affected by	VCID-66dq-g2ab-5qbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2015-9097.yml	38.6.0
2026-05-29T23:54:26.242729+00:00	Ruby Importer	Affected by	VCID-rfun-f86c-ayfd	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2139.yml	38.6.0
2026-05-29T23:54:25.940888+00:00	Ruby Importer	Affected by	VCID-8axt-ka9d-y3d2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2140.yml	38.6.0
2026-05-29T17:29:14.164412+00:00	GitLab Importer	Fixing	VCID-64ws-nakp-3fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2011-0739.yml	38.6.0
2026-05-29T14:21:42.669322+00:00	GHSA Importer	Fixing	VCID-64ws-nakp-3fhz	https://github.com/advisories/GHSA-cpjc-p7fc-j9xh	38.6.0
2026-05-29T08:57:02.841082+00:00	GithubOSV Importer	Fixing	VCID-64ws-nakp-3fhz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-cpjc-p7fc-j9xh/GHSA-cpjc-p7fc-j9xh.json	38.6.0