Lucene search

GoogleOSV:GHSA-CJ92-C4FJ-W9C5

HistoryOct 24, 2017 - 6:33 p.m.

Mail Gem Path Traversal vulnerability

2017-10-2418:33:38

Google

osv.dev

0.033 Low

EPSS

Percentile

91.3%

JSON

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

CPENameOperatorVersion
maileq2.1.2
maileq2.4.0
maileq2.2.4
maileq2.2.20
maileq1.4.1
maileq1.5.4
maileq1.3.3
maileq1.3.2
maileq2.1.1
maileq1.5.3

Name	Operator	Version
mail	eq	2.1.2
mail	eq	2.4.0
mail	eq	2.2.4
mail	eq	2.2.20
mail	eq	1.4.1
mail	eq	1.5.4
mail	eq	1.3.3
mail	eq	1.3.2
mail	eq	2.1.1
mail	eq	1.5.3

Rows per page:

1-10 of 631

References

lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html

www.openwall.com/lists/oss-security/2012/04/25/8

www.openwall.com/lists/oss-security/2012/04/26/1

bugzilla.novell.com/show_bug.cgi?id=759092

bugzilla.redhat.com/show_bug.cgi?id=816352

github.com/mikel/mail

github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f

nvd.nist.gov/vuln/detail/CVE-2012-2139

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for OSV:GHSA-CJ92-C4FJ-W9C5