CVE-2012-2139

Published: Jul 18, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=816352

x_refsource_MISC

FEDORA-2012-7535

vendor-advisory

x_refsource_FEDORA

[oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4

mailing-list

x_refsource_MLIST

FEDORA-2012-7692

vendor-advisory

x_refsource_FEDORA

https://bugzilla.novell.com/show_bug.cgi?id=759092

x_refsource_MISC

48970

third-party-advisory

x_refsource_SECUNIA

https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f

x_refsource_CONFIRM

FEDORA-2012-7619

vendor-advisory

x_refsource_FEDORA

[oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-2139

Description

Affected Products

References