CVE-2012-2139: Path Traversal in Mail

CWE-22: Path Traversal | 8 documents | 7 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 3.5% (top 12.33%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 18
Latest update: Oct 24

Description

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: rubygems/mail_gem 2.4.3 (+3)
RubyGems: nextcloud/mail < 2.4.4

Patches

🔴 Vulnerability Details (4)

OSV: Mail Gem Path Traversal vulnerability (2017-10-24)
GHSA: Mail Gem Path Traversal vulnerability (2017-10-24)
OSV: CVE-2012-2139: Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery (2012-07-18)
CVEList: CVE-2012-2139: Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery (2012-07-18)

📋 Vendor Advisories (2)

Red Hat: rubygem-mail: directory traversal (2012-03-14)
Debian: CVE-2012-2139: ruby-mail - Directory traversal vulnerability in lib/mail/network/delivery_methods/file_deli... (2012)

💬 Community (1)

Bugzilla: CVE-2012-2139 rubygem-mail: directory traversal (2013-01-03)
CVE-2012-2139 — Path Traversal in Nextcloud Mail | cvebase