CVE-2015-9097

Published: Jun 12, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mikel/mail/pull/1097

x_refsource_MISC

https://hackerone.com/reports/137631

x_refsource_MISC

https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83

x_refsource_MISC

http://openwall.com/lists/oss-security/2015/12/11/3

x_refsource_MISC

https://rubysec.com/advisories/mail-OSVDB-131677

x_refsource_MISC

https://github.com/rubysec/ruby-advisory-db/issues/215

x_refsource_MISC

http://www.mbsd.jp/Whitepaper/smtpi.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-9097

Description

Affected Products

References