WS-2015-0029 Medium Severity Vulnerability detected by WhiteSource
Opened this issue · 0 comments
mend-bolt-for-github commented
WS-2015-0029 - Medium Severity Vulnerability
Vulnerable Library - mail-2.4.4.gem
A really Ruby Mail handler.
path: /var/lib/gems/2.3.0/cache/mail-2.4.4.gem
Library home page: http://rubygems.org/gems/mail-2.4.4.gem
Dependency Hierarchy:
- rails-3.2.11.gem (Root Library)
- actionmailer-3.2.11.gem
- ❌ mail-2.4.4.gem (Vulnerable Library)
- actionmailer-3.2.11.gem
Vulnerability Details
Because the Mail Gem for Ruby does not validate or impose a length limit on email address fields, an attacker can modify messages sent with the gem via a specially-crafted recipient email address.
Publish Date: 2015-12-09
URL: WS-2015-0029
Step up your Open Source Security Game with WhiteSource here