Related vulnerabilities
GSD-2012-2139
Vulnerability from gsd - Updated: 2012-03-14 00:00
Details
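Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a ".." (dot dot) sequence in the "to" parameter. The record classifies this as CWE-22 and lists 2.4.4 as the fixed version; upgrade to 2.4.4 or later. The sources in the record disagree on the lower bound of the affected range (the GitLab advisory lists 2.3.2 through 2.4.3, while the NVD CPE match covers all versions up to 2.4.3), so treat any version before 2.4.4 as affected.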
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-2139",
"description": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.",
"id": "GSD-2012-2139",
"references": [
"https://www.suse.com/security/cve/CVE-2012-2139.html",
"https://access.redhat.com/errata/RHSA-2012:1542"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "mail",
"purl": "pkg:gem/mail"
}
}
],
"aliases": [
"CVE-2012-2139",
"OSVDB-81631"
],
"details": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.",
"id": "GSD-2012-2139",
"modified": "2012-03-14T00:00:00.000Z",
"published": "2012-03-14T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2139"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.0,
"type": "CVSS_V2"
}
],
"summary": "CVE-2012-2139 rubygem-mail: directory traversal"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816352",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816352"
},
{
"name": "FEDORA-2012-7535",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html"
},
{
"name": "[oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/25/8"
},
{
"name": "FEDORA-2012-7692",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=759092",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=759092"
},
{
"name": "48970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48970"
},
{
"name": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f",
"refsource": "CONFIRM",
"url": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f"
},
{
"name": "FEDORA-2012-7619",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html"
},
{
"name": "[oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/26/1"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-2139",
"cvss_v2": 5.0,
"date": "2012-03-14",
"description": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.",
"gem": "mail",
"osvdb": 81631,
"patched_versions": [
"\u003e= 2.4.4"
],
"title": "CVE-2012-2139 rubygem-mail: directory traversal",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2139"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=2.3.2 \u003c=2.4.3",
"affected_versions": "All versions starting from 2.3.2 up to 2.4.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2013-10-07",
"description": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.",
"fixed_versions": [
"2.4.4"
],
"identifier": "CVE-2012-2139",
"identifiers": [
"CVE-2012-2139"
],
"not_impacted": "All versions before 2.3.2, all versions after 2.4.3",
"package_slug": "gem/mail",
"pubdate": "2012-07-18",
"solution": "Upgrade to version 2.4.4 or above.",
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-2139"
],
"uuid": "8d48e5eb-1af1-49f8-a7d2-bcdf65d03454"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubygems:mail_gem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:mail_gem:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:mail_gem:2.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:mail_gem:2.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2139"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816352",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816352"
},
{
"name": "48970",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48970"
},
{
"name": "[oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/04/26/1"
},
{
"name": "[oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/04/25/8"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=759092",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=759092"
},
{
"name": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f"
},
{
"name": "FEDORA-2012-7619",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html"
},
{
"name": "FEDORA-2012-7692",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html"
},
{
"name": "FEDORA-2012-7535",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-10-07T16:18Z",
"publishedDate": "2012-07-18T18:55Z"
}
}
}