CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-2139

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.1%

CVSS Severity

CVSS v2 Score 5.0

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
http://secunia.com/advisories/48970
http://www.openwall.com/lists/oss-security/2012/04/25/8
http://www.openwall.com/lists/oss-security/2012/04/26/1
https://bugzilla.novell.com/show_bug.cgi?id=759092
https://bugzilla.redhat.com/show_bug.cgi?id=816352
https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
http://secunia.com/advisories/48970
http://www.openwall.com/lists/oss-security/2012/04/25/8
http://www.openwall.com/lists/oss-security/2012/04/26/1
https://bugzilla.novell.com/show_bug.cgi?id=759092
https://bugzilla.redhat.com/show_bug.cgi?id=816352
https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f

Products affected by CVE-2012-2139

Rubygems » Mail Gem » Version: Any

cpe:2.3:a:rubygems:mail_gem:*
Rubygems » Mail Gem » Version: 2.3.2

cpe:2.3:a:rubygems:mail_gem:2.3.2
Rubygems » Mail Gem » Version: 2.3.3

cpe:2.3:a:rubygems:mail_gem:2.3.3
Rubygems » Mail Gem » Version: 2.4.1

cpe:2.3:a:rubygems:mail_gem:2.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2139

Products

Pricing

Contact Us