mikel/mail

mikel/mail

Releases71

Frequency2 months 3 weeks

Last Release 8 months ago

Stars3.67K

A Really Ruby Mail Library

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2015-9097 ↗	Jun 12, 2017Monday, 12 June 2017, 20:29	—	4.3 MEDIUM
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
CVE-2012-2139 ↗	Jul 18, 2012Wednesday, 18 July 2012, 18:55	—	5 MEDIUM
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
CVE-2012-2140 ↗	Jul 18, 2012Wednesday, 18 July 2012, 18:55	—	7.5 HIGH
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
CVE-2011-0739 ↗	Feb 2, 2011Wednesday, 2 February 2011, 01:00	—	6.8 MEDIUM
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.