4 matches found
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
CVE-2026-42258
Net::IMAP (Ruby) is affected by CVE-2026-42258: before versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments passed to IMAP commands can be used for CRLF/command injection. The IBM Aspera Shares bulletin and multiple security trackers confirm this vulnerability in Net::IMAP and note patches in 0.4...
net-imap vulnerable to command Injection via unvalidated Symbol inputs
Summary Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. Details Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting with a "" prefix. Vulnerable versions of Net::IMAP...