Sha256: 3bd12bf6a0196fa9c20b5a8ddd5be12ba0c8909a54ed194c35cb89df323f7803
Contents?: true
Size: 644 Bytes
Versions: 14
Compression:
Stored size: 644 Bytes
Contents
--- gem: mail cve: 2012-2139 osvdb: 81631 url: http://www.osvdb.org/show/osvdb/81631 title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation date: 2012-03-14 description: | Mail Gem for Ruby contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'to' parameter within the delivery method. This directory traversal attack would allow the attacker to modify arbitrary files. cvss_v2: 5.0 patched_versions: - ">= 2.4.4"
Version data entries
14 entries across 14 versions & 3 rubygems