Описание
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CloudForms Tools 1 | rubygem-mail | Affected | ||
| Red Hat Subscription Asset Manager | rubygem-mail | Affected | ||
| CloudForms for RHEL 6 | converge-ui-devel | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | puppet | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-actionpack | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-activerecord | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-activesupport | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-chunky_png | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-compass | Fixed | RHSA-2012:1542 | 04.12.2012 |
| CloudForms for RHEL 6 | rubygem-compass-960-plugin | Fixed | RHSA-2012:1542 | 04.12.2012 |
Показывать по
10
Дополнительная информация
Статус:
Low
https://bugzilla.redhat.com/show_bug.cgi?id=891762rubygem-mail: directory traversal
5 Medium
CVSS2
Связанные уязвимости
nvd
больше 13 лет назад
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
debian
больше 13 лет назад
Directory traversal vulnerability in lib/mail/network/delivery_methods ...
5 Medium
CVSS2