Sha256: 76bc69ef0906326d3e826acdf3a57c4e83c69f9d74622d9519554df7fa32c332
Contents?: true
Size: 653 Bytes
Versions: 1
Compression:
Stored size: 653 Bytes
Contents
--- gem: mail cve: 2012-2139 osvdb: 81631 url: https://nvd.nist.gov/vuln/detail/CVE-2012-2139 title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation date: 2012-03-14 description: | Mail Gem for Ruby contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'to' parameter within the delivery method. This directory traversal attack would allow the attacker to modify arbitrary files. cvss_v2: 5.0 patched_versions: - ">= 2.4.4"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/mail/CVE-2012-2139.yml |