samuelteixeiras / learnRuby

Learning Ruby on Rails

CVE-2012-2139 (Medium) detected in mail-2.2.19.gem

mend-bolt-for-github opened this issue

CVE-2012-2139 - Medium Severity Vulnerability

Vulnerable Library - mail-2.2.19.gem

A really Ruby Mail handler.

Library home page: https://rubygems.org/gems/mail-2.2.19.gem

Dependency Hierarchy:

  • rails-3.0.9.gem (Root Library)
    • actionmailer-3.0.9.gem
      • mail-2.2.19.gem (Vulnerable Library)

Found in HEAD commit: 0c785fd9400921392b8ee5e3e166f30364359ecc

Found in base branch: master

Vulnerability Details

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

Publish Date: 2012-07-18

URL: CVE-2012-2139

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-2139

Release Date: 2012-07-18

Fix Resolution: 2.4.4
