CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 2CVE-2012-2140 – rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
https://notcve.org/view.php?id=CVE-2012-2140
18 Jul 2012 — The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. La gema Mail antes de v2.4.3 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres en (1) sendmail o (2) una entrega exim. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2012-2139 – rubygem-mail: directory traversal
https://notcve.org/view.php?id=CVE-2012-2139
18 Jul 2012 — Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. Vulnerabilidad de salto de directorio en lib/mail/network/delivery_methods/file_delivery.rb en la gema Mail antes de v2.4.3 para Ruby, permite a atacantes remotos para leer archivos de su elección a través de .. (punto punto) en el parámetro to. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •