Mail Improper Input Validation vulnerability

2017-10-2418:33:38

Google

osv.dev

0.013 Low

EPSS

Percentile

85.7%

JSON

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

CPENameOperatorVersion
maileq2.1.2
maileq2.2.4
maileq1.4.1
maileq1.5.4
maileq1.3.3
maileq1.3.2
maileq2.1.1
maileq1.5.3
maileq2.0.3
maileq2.2.5

Name	Operator	Version
mail	eq	2.1.2
mail	eq	2.2.4
mail	eq	1.4.1
mail	eq	1.5.4
mail	eq	1.3.3
mail	eq	1.3.2
mail	eq	2.1.1
mail	eq	1.5.3
mail	eq	2.0.3
mail	eq	2.2.5

Rows per page:

1-10 of 511

References

groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

exchange.xforce.ibmcloud.com/vulnerabilities/65010

github.com/mikel/mail

github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

github.com/rubysec/ruby-advisory-db/blob/master/gems/mail/CVE-2011-0739.yml

nvd.nist.gov/vuln/detail/CVE-2011-0739

web.archive.org/web/20200228225346/www.securityfocus.com/bid/46021

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for OSV:GHSA-CPJC-P7FC-J9XH