Mail Gem Path Traversal vulnerability

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.

References

Published by the National Vulnerability Database Jul 18, 2012

Published to the GitHub Advisory Database Oct 24, 2017

Reviewed Jun 16, 2020

Last updated Nov 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

CVE ID

GHSA ID

Source code