Lucene search

GitHub Advisory DatabaseGHSA-CPJC-P7FC-J9XH

HistoryOct 24, 2017 - 6:33 p.m.

Mail Improper Input Validation vulnerability

2017-10-2418:33:38

CWE-20

GitHub Advisory Database

github.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

Affected configurations

Vulners

Node

claws-mailmailRange<2.2.15

CPENameOperatorVersion
maillt2.2.15

CPE	Name	Operator	Version
	mail	lt	2.2.15

References

groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

exchange.xforce.ibmcloud.com/vulnerabilities/65010

github.com/advisories/GHSA-cpjc-p7fc-j9xh

github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml

nvd.nist.gov/vuln/detail/CVE-2011-0739

web.archive.org/web/20200228225346/www.securityfocus.com/bid/46021

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for GHSA-CPJC-P7FC-J9XH