2 matches found
CVE-2015-9097
The CVE-2015-9097 entry affects the Ruby mail gem (aka A Really Ruby Mail Library) prior to 2.5.5. The vulnerability is a SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands, demonstrated by CRLF sequences around a DATA substring. This is a concrete vulnerability in the mai...
CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses
The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...