Lucene search

[email protected]NVD:CVE-2012-2140

HistoryJul 18, 2012 - 6:55 p.m.

CVE-2012-2140

2012-07-1818:55:01

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.1%

JSON

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

Affected configurations

NVD

Node

rubygemsmail_gemRange≤2.4.1

rubygemsmail_gemMatch2.3.2

rubygemsmail_gemMatch2.3.3

References

lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html

secunia.com/advisories/48970

www.openwall.com/lists/oss-security/2012/04/25/8

www.openwall.com/lists/oss-security/2012/04/26/1

bugzilla.novell.com/show_bug.cgi?id=759092

bugzilla.redhat.com/show_bug.cgi?id=816352

github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc

github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0

github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for NVD:CVE-2012-2140

osv1 prion1 cvelist1 github1 debiancve1 cve1 rubygems1 openvas14 fedora6 freebsd1 nessus5