Remote Shell Command Execution Affecting mail package, versions < 2.4.4

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 1.33% (86^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-MAIL-20027
published 13 Mar 2012
disclosed 13 Mar 2012
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 13 Mar 2012

CVE-2012-2140 Open this link in a new tab CWE-77 Open this link in a new tab

Overview

mail is a Ruby Mail handler gem.

Affected versions of this gem contains a flaw within the sendmail and exim delivery methods, which may allow an attacker to execute arbitrary shell commands.

References

http://rubysec.com/advisories/CVE-2012-2140/
http://www.osvdb.org/show/osvdb/81632
http://www.openwall.com/lists/oss-security/2012/04/25/8