Lucene search
K

4 matches found

CVE
CVE
added 2026/05/09 7:40 p.m.34 views

CVE-2026-42258

Net::IMAP (Ruby) is affected by CVE-2026-42258: before versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments passed to IMAP commands can be used for CRLF/command injection. The IBM Aspera Shares bulletin and multiple security trackers confirm this vulnerability in Net::IMAP and note patches in 0.4...

7.1CVSS5.7AI score0.00813EPSS
Exploits0References26Affected Software1
Cvelist
Cvelist
added 2026/05/09 7:40 p.m.45 views

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.8CVSS0.00813EPSS
Exploits0References4
OSV
OSV
added 2026/05/09 7:40 p.m.1 views

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.8CVSS5.9AI score0.00813EPSS
Exploits0References29
Github Security Blog
Github Security Blog
added 2026/05/04 10:4 p.m.9 views

net-imap vulnerable to command Injection via unvalidated Symbol inputs

Summary Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. Details Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting with a "" prefix. Vulnerable versions of Net::IMAP...

7.1CVSS5.9AI score0.00813EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder