CVE-2011-0739Improper Input Validation in Mail

CWE-20Improper Input Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.7%
top 26.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud MailMikel Lindsaar Mail
Timeline
PublishedFeb 2
Latest updateOct 24

Description

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

RubyGemsnextcloud/mail< 2.2.15
NVDmikel_lindsaar/mail2.2.14+51

Patches

Patch: groups.google.comPatch: github.comPatch: groups.google.com

🔴Vulnerability Details

3
GHSA
Mail Improper Input Validation vulnerability2017-10-24
OSV
Mail Improper Input Validation vulnerability2017-10-24
CVEList
CVE-2011-0739: The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail2011-02-02
CVE-2011-0739 — Improper Input Validation in Mail | cvebase