CVE-2015-9096

Published: 12 June 2017

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Priority

CVSS 3 base score: 6.1

Status

Package	Release	Status
ruby1.9.1 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was released [1.9.3.484-2ubuntu1.3])
	upstream	Needed
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
ruby2.0 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was released [2.0.0.484-1ubuntu2.4])
	upstream	Needed
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
ruby2.3 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Needed
	xenial	Released (2.3.1-2~16.04.2)
	yakkety	Ignored (reached end-of-life)
	zesty	Released (2.3.3-1ubuntu0.1)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›