Your submission was sent successfully! Close

CVE-2015-9096

Published: 12 June 2017

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
ruby1.9.1
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [1.9.3.484-2ubuntu1.3])
upstream Needed

xenial Does not exist

yakkety Does not exist

zesty Does not exist

ruby2.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [2.0.0.484-1ubuntu2.4])
upstream Needed

xenial Does not exist

yakkety Does not exist

zesty Does not exist

ruby2.3
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Needed

xenial
Released (2.3.1-2~16.04.2)
yakkety Ignored
(reached end-of-life)
zesty
Released (2.3.3-1ubuntu0.1)