PT-2017-7545 · Ruby · Mail Gem

Jeremy

Published

2017-06-12

Updated

2017-10-24

CVE-2015-9097

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions mail gem versions prior to 2.5.5

Description The issue allows for SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command. This can be demonstrated by CRLF sequences immediately before and after a DATA substring.

Recommendations For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-93

Related Identifiers

CVE-2015-9097

DLA-489-1

GHSA-Q86F-FMQF-QRF6

Affected Products

Mail Gem

PT-2017-7545 · Ruby · Mail Gem

CVE-2015-9097

Weakness Enumeration

Related Identifiers

Affected Products

References · 17