Description
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5.2 | ruby193-rubygem-mail | Will not fix | | |
| CloudForms Management Engine 5.3 | ruby193-rubygem-mail | Will not fix | | |
| Red Hat Software Collections | rh-ror41-rubygem-mail | Will not fix | | |
| Red Hat Software Collections | rh-ror42-rubygem-mail | Not affected | | |
| Red Hat Software Collections | ror40-rubygem-mail | Will not fix | | |
| Red Hat Software Collections | ruby193-rubygem-mail | Will not fix | | |
| Red Hat Subscription Asset Manager | ruby193-rubygem-mail | Will not fix | | |
| Red Hat Subscription Asset Manager | rubygem-mail | Will not fix | | |
Additional information
Status:
5 Medium
CVSS2