Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/mail@2.4.3
purl pkg:gem/mail@2.4.3
Next non-vulnerable version 2.5.5.rc1
Latest non-vulnerable version 2.7.0.rc1
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-f4sz-rqp7-6ydb
Aliases:
CVE-2012-2140
GHSA-rp63-jfmw-532w
OSV-81632
Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. There are no reported fixed by versions.
VCID-pgqp-64zv-8fc3
Aliases:
CVE-2015-9097
GHSA-q86f-fmqf-qrf6
OSV-131677
SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`.
2.5.5.rc1
Affected by 0 other vulnerabilities.
2.5.5
Affected by 0 other vulnerabilities.
2.6.6.rc1
Affected by 0 other vulnerabilities.
2.7.0.rc1
Affected by 0 other vulnerabilities.
VCID-q6zt-ft1w-8ka1
Aliases:
CVE-2012-2139
GHSA-cj92-c4fj-w9c5
OSV-81631
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
2.4.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-f4sz-rqp7-6ydb Improper Input Validation The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. CVE-2012-2140
GHSA-rp63-jfmw-532w
OSV-81632

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:58:32.096301+00:00 GithubOSV Importer Fixing VCID-f4sz-rqp7-6ydb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-rp63-jfmw-532w/GHSA-rp63-jfmw-532w.json 38.6.0
2026-05-31T10:15:04.528024+00:00 Ruby Importer Affected by VCID-q6zt-ft1w-8ka1 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2139.yml 38.6.0
2026-05-31T10:15:04.368129+00:00 Ruby Importer Affected by VCID-f4sz-rqp7-6ydb https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2012-2140.yml 38.6.0
2026-05-31T09:38:45.619577+00:00 GitLab Importer Affected by VCID-pgqp-64zv-8fc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2015-9097.yml 38.6.0
2026-05-31T00:50:02.725987+00:00 GHSA Importer Fixing VCID-f4sz-rqp7-6ydb https://github.com/advisories/GHSA-rp63-jfmw-532w 38.6.0
2026-05-30T20:51:56.078963+00:00 GitLab Importer Affected by VCID-q6zt-ft1w-8ka1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2012-2139.yml 38.6.0
2026-05-30T20:51:56.049923+00:00 GitLab Importer Fixing VCID-f4sz-rqp7-6ydb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mail/CVE-2012-2140.yml 38.6.0