Sha256: 6308cdbbac755a2a4b58ef1e81b57134844f9524a4aed902c2aeefbbd3121da5

Contents?: true

Size: 623 Bytes

Versions: 14

Compression:

Stored size: 623 Bytes

Contents

--- 
gem: mail
cve: 2011-0739
osvdb: 70667
url: http://www.osvdb.org/show/osvdb/70667
title: >
  Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From:
  Address Arbitrary Shell Command Injection 
date: 2011-01-25

description: |
  Mail Gem for Ruby contains a flaw related to the failure to properly sanitise
  input passed from an email from address in the 'deliver()' function in
  'lib/mail/network/delivery_methods/sendmail.rb' before being used as a
  command line argument. This may allow a remote attacker to inject arbitrary
  shell commands.

cvss_v2: 6.8

patched_versions: 
  - ">= 2.2.15"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/mail/OSVDB-70667.yml