RubySec

Providing security resources for the Ruby community

CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline

Published: March 14, 2012

SECURITY IDENTIFIERS

GEM

mail

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

>= 2.4.4

DESCRIPTION

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
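The bug class described above, shown as an added example that is not the Mail gem's code or its patch: a delivery command built as one interpolated string is handed to the shell, while an argument array or per-value escaping keeps an address as a single literal argument. The method names, the sample addresses and the argv-printing stand-in for the sendmail/exim binary are all assumptions made for illustration.

```ruby
require "rbconfig"
require "shellwords"

# Stand-in for the sendmail/exim binary (assumption): a Ruby one-liner that
# prints the argument vector it received, so nothing is actually mailed.
# The trailing "--" stops the stand-in's own option parsing.
ARGV_ECHO = [RbConfig.ruby, "-e", "print ARGV.inspect", "--"].freeze

# Vulnerable pattern: the command is one interpolated string, so Ruby hands
# it to /bin/sh and metacharacters in an address are interpreted by the shell.
def deliver_via_shell_string(from, to)
  IO.popen("#{ARGV_ECHO.shelljoin} -f #{from} #{to}", &:read)
end

# Hardened pattern: an argument array bypasses the shell entirely, so each
# value reaches the program as exactly one argv element. The "--" before the
# recipient marks the end of options, so a value beginning with "-" is not
# parsed as a flag (assumes the delivery binary honours "--").
def deliver_via_argv(from, to)
  IO.popen([*ARGV_ECHO, "-f", from, "--", to], &:read)
end

# Fallback when a string command cannot be avoided: escape every value.
def deliver_via_escaped_string(from, to)
  args = ["-f", from, "--", to].map { |v| Shellwords.escape(v) }.join(" ")
  IO.popen("#{ARGV_ECHO.shelljoin} #{args}", &:read)
end

# Constructed sample values: the recipient carries a shell metacharacter
# followed by a harmless marker command.
SAMPLE_FROM = "sender@example.com"
SAMPLE_TO   = "user@example.com; echo SHELL_RAN"

if __FILE__ == $PROGRAM_NAME
  puts "shell string: #{deliver_via_shell_string(SAMPLE_FROM, SAMPLE_TO).inspect}"
  puts "argv array  : #{deliver_via_argv(SAMPLE_FROM, SAMPLE_TO).inspect}"
  puts "escaped     : #{deliver_via_escaped_string(SAMPLE_FROM, SAMPLE_TO).inspect}"
end
```

In the first form the marker text is printed by the shell as a second command; in the other two the whole recipient string arrives as one argument.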