Sha256: 3bd12bf6a0196fa9c20b5a8ddd5be12ba0c8909a54ed194c35cb89df323f7803

Contents?: true

Size: 644 Bytes

Versions: 14

Compression:

Stored size: 644 Bytes

Contents

--- 
gem: mail
cve: 2012-2139
osvdb: 81631
url: http://www.osvdb.org/show/osvdb/81631
title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation
date: 2012-03-14

description: |
  Mail Gem for Ruby contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'to' parameter within the delivery method. This directory traversal attack would allow the attacker to modify arbitrary files.

cvss_v2: 5.0
patched_versions: 
- ">= 2.4.4"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/mail/OSVDB-81631.yml