CVE-2012-2139 (Medium) detected in mail-2.2.19.gem
mend-bolt-for-github opened this issue
CVE-2012-2139 - Medium Severity Vulnerability
Vulnerable Library - mail-2.2.19.gem
A really Ruby Mail handler.
Library home page: https://rubygems.org/gems/mail-2.2.19.gem
Dependency Hierarchy:
- rails-3.0.9.gem (Root Library)
  - actionmailer-3.0.9.gem
    - ❌ mail-2.2.19.gem (Vulnerable Library)
Found in HEAD commit: 0c785fd9400921392b8ee5e3e166f30364359ecc
Found in base branch: master
Vulnerability Details
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
Publish Date: 2012-07-18
URL: CVE-2012-2139
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-2139
Release Date: 2012-07-18
Fix Resolution: 2.4.4