--- 
gem: mail
cve: 2011-0739
osvdb: 70667
url: https://nvd.nist.gov/vuln/detail/CVE-2011-0739
title: >
  Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From:
  Address Arbitrary Shell Command Injection 
date: 2011-01-25

description: |
  Mail Gem for Ruby contains a flaw related to the failure to properly sanitise
  input passed from an email from address in the 'deliver()' function in
  'lib/mail/network/delivery_methods/sendmail.rb' before being used as a
  command line argument. This may allow a remote attacker to inject arbitrary
  shell commands.

cvss_v2: 6.8

patched_versions: 
  - ">= 2.2.15"