Lucene search
K
Ruby-langNet::imap0.6.0

5 matches found

CVE
CVE
β€’added 2026/05/09 7:33 p.m.β€’56 views

CVE-2026-42246

Net::IMAP (Ruby) versions before 0.3.10, 0.4.24, 0.5.14, and 0.6.4 are affected by a STARTTLS stripping issue. A man-in-the-middle attacker can cause Net::IMAP#starttls to report a successful TLS upgrade without actually enabling TLS, leaving the socket unencrypted. The vulnerability is mitigated...

7.6CVSS5.7AI score0.00324EPSS
CVE
CVE
β€’added 2026/05/09 7:37 p.m.β€’50 views

CVE-2026-42245

Net::IMAP (Ruby) is affected by a performance vulnerability in Net::IMAP::ResponseReader, where reading large responses with many string literals causes quadratic time complexity. This can be exploited by a hostile server to exhaust the client’s CPU, leading to a denial of service. The issue has ...

7.5CVSS5.7AI score0.0041EPSS
CVE
CVE
β€’added 2026/05/09 7:39 p.m.β€’33 views

CVE-2026-42257

CVE-2026-42257 affects the Ruby Net::IMAP library where, prior to versions 0.4.24, 0.5.14, and 0.6.4, several IMAP commands accept a raw string argument sent to the server without validation or escaping. If derived from user input, this can include CRLF sequences and allow injection of arbitrary ...

9.8CVSS5.8AI score0.00429EPSS
CVE
CVE
β€’added 2026/05/09 7:40 p.m.β€’32 views

CVE-2026-42258

Net::IMAP (Ruby) is affected by CVE-2026-42258: before versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments passed to IMAP commands can be used for CRLF/command injection. The IBM Aspera Shares bulletin and multiple security trackers confirm this vulnerability in Net::IMAP and note patches in 0.4...

7.1CVSS5.7AI score0.00813EPSS
CVE
CVE
β€’added 2026/05/09 7:38 p.m.β€’26 views

CVE-2026-42256

Net::IMAP (Ruby) is affected by a Denial of Service when authenticating with SCRAM-SHA1/SCRAM-SHA256 if a hostile server sends a very high iteration count. Affected versions: 0.4.0–0.4.23, 0.5.0–0.5.13, 0.6.0–0.0.6. Wait that seems wrong: fix lists are 0.4.24, 0.5.14, 0.6.4. Corrected: Affected r...

6.5CVSS5.7AI score0.00299EPSS