Sha256: 652d48548b42e5cec42911c6f9bc7838d4c3ba0642dc235d71d3e6db8fe9cbfe

Contents?: true

Size: 662 Bytes

Versions: 2

Compression:

Stored size: 662 Bytes

Contents

---
engine: ruby
cve: 2015-9096
url: https://hackerone.com/reports/137631
title: SMTP command injection
date: 2015-12-09
description: |
  Net::SMTP is vulnerable to SMTP command injection via CRLF sequences
  in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences
  immediately before and after a DATA substring.

  Applications that validate email address format are not affected by this
  vulnerability.

  The injection attack is described in Terada, Takeshi. "SMTP Injection via
  Recipient Email Addresses." 2015. The attacks described in the paper
  (Terada, p. 4) can be applied without any modification.
patched_versions:
  - ">= 2.4.0"

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml