CVE-2015-9096

Published: Jun 12, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-3966

vendor-advisory

x_refsource_DEBIAN

https://hackerone.com/reports/137631

x_refsource_MISC

[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update

mailing-list

x_refsource_MLIST

https://github.com/rubysec/ruby-advisory-db/issues/215

x_refsource_MISC

https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee

x_refsource_MISC

http://www.mbsd.jp/Whitepaper/smtpi.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-9096

Description

Affected Products

References