CVE-2011-0739

critical

Description

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

References

https://github.com/mikel/mail/raw/master/patches/20110126_sendmail.patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/65010

http://www.vupen.com/english/advisories/2011/0233

http://www.securityfocus.com/bid/46021

http://secunia.com/advisories/43077

http://osvdb.org/70667

http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1

Details

Source: Mitre, NVD

Published: 2011-02-02

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00735

Detections

Analytics