VulnerableCode Package Details - pkg:gem/mail@2.2.18

Search for packages

Vulnerability	Summary	Fixed by
VCID-66dq-g2ab-5qbz Aliases: CVE-2015-9097 GHSA-q86f-fmqf-qrf6 OSV-131677	Mail Gem CRLF Injection vulnerability The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.	2.5.5.rc1 Affected by 0 other vulnerabilities. 2.5.5 Affected by 0 other vulnerabilities. 2.6.6.rc1 Affected by 0 other vulnerabilities. 2.7.0.rc1 Affected by 0 other vulnerabilities.
VCID-8axt-ka9d-y3d2 Aliases: CVE-2012-2140 GHSA-rp63-jfmw-532w OSV-81632	Mail Gem Improper Input Validation vulnerability The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.	2.4.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rfun-f86c-ayfd Aliases: CVE-2012-2139 GHSA-cj92-c4fj-w9c5 OSV-81631	Mail Gem Path Traversal vulnerability Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.	2.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-66dq-g2ab-5qbz
Aliases:
CVE-2015-9097
GHSA-q86f-fmqf-qrf6
OSV-131677

Mail Gem CRLF Injection vulnerability The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

2.5.5.rc1
Affected by 0 other vulnerabilities.

2.5.5
Affected by 0 other vulnerabilities.

2.6.6.rc1
Affected by 0 other vulnerabilities.

2.7.0.rc1
Affected by 0 other vulnerabilities.

VCID-8axt-ka9d-y3d2
Aliases:
CVE-2012-2140
GHSA-rp63-jfmw-532w
OSV-81632

Mail Gem Improper Input Validation vulnerability The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

2.4.3
Affected by 3 other vulnerabilities.

VCID-rfun-f86c-ayfd
Aliases:
CVE-2012-2139
GHSA-cj92-c4fj-w9c5
OSV-81631

Mail Gem Path Traversal vulnerability Directory traversal vulnerability in `lib/mail/network/delivery_methods/file_delivery.rb` in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a `..` (dot dot) in the to parameter.

2.4.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T03:43:10.561107+00:00	GitLab Importer	Affected by	VCID-66dq-g2ab-5qbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2015-9097.yml	38.6.0
2026-05-29T23:54:26.254225+00:00	Ruby Importer	Affected by	VCID-rfun-f86c-ayfd	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2139.yml	38.6.0
2026-05-29T23:54:25.955192+00:00	Ruby Importer	Affected by	VCID-8axt-ka9d-y3d2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2140.yml	38.6.0