CVE-2015-9096

Published June 12th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECTS

Description

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

ruby/ruby

The Ruby Programming Language

GitHub

23.6K

rubysec/ruby-advisory-db

A database of vulnerable Ruby Gems

GitHub

1.06K