RubySec

Providing security resources for the Ruby community

CVE-2012-2140 (mail): Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Execution

ADVISORIES

GEM

mail

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • >= 2.4.4

DESCRIPTION

Mail Gem for Ruby contains a flaw that occurs within the sendmail and exim delivery methods, which may allow an attacker to execute arbitrary shell commands..