Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-9096

Опубликовано: 12 июн. 2017
Источник: debian
EPSS Низкий

Описание

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby2.3fixed2.3.3-1+deb9u1package
ruby2.1removedpackage
ruby1.9.1removedpackage
ruby1.9.1no-dsawheezypackage
ruby1.8removedpackage
ruby1.8no-dsawheezypackage

Примечания

  • https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee

  • https://github.com/rubysec/ruby-advisory-db/issues/215

EPSS

Процентиль: 77%
0.01099
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-9096

CVSS3: 6.1
ubuntu
около 8 лет назад

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

redhat логотип

CVE-2015-9096

CVSS3: 5.3
redhat
около 8 лет назад

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

nvd логотип

CVE-2015-9096

CVSS3: 6.1
nvd
около 8 лет назад

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

github логотип

GHSA-2h3c-5vqm-gqfh

CVSS3: 6.1
github
больше 3 лет назад

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

suse-cvrf логотип

SUSE-SU-2020:1570-1

suse-cvrf
около 5 лет назад

Security update for ruby2.1

EPSS

Процентиль: 77%
0.01099
Низкий