Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2012-2140

Published: 18/07/2012 Updated: 30/10/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Rubygems

Vulnerability Summary

The Mail gem prior to 2.4.3 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rubygems mail gem

rubygems mail gem 2.3.3

rubygems mail gem 2.3.2

References

CWE-20http://www.openwall.com/lists/oss-security/2012/04/25/8https://bugzilla.novell.com/show_bug.cgi?id=759092https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2https://bugzilla.redhat.com/show_bug.cgi?id=816352https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0http://secunia.com/advisories/48970http://www.openwall.com/lists/oss-security/2012/04/26/1https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdochttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook