CVE-2012-2140 (mail): CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline

March 14th, 2012

ADVISORIES

CVE-2012-2140 (NVD)
GHSA-rp63-jfmw-532w
OSVDB-81632

GEM

mail

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

>= 2.4.4

DESCRIPTION

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

RubySec

CVE-2012-2140 (mail): CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories