Mail Gem Path Traversal vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Nov 4, 2023
Description
Published by the National Vulnerability Database
Jul 18, 2012
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Nov 4, 2023
Directory traversal vulnerability in
lib/mail/network/delivery_methods/file_delivery.rbin the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a..(dot dot) in the to parameter.References