osgirl/omrails

WS-2015-0029 Medium Severity Vulnerability detected by WhiteSource


WS-2015-0029 - Medium Severity Vulnerability

Vulnerable Library - mail-2.4.4.gem

A really Ruby Mail handler.

path: /var/lib/gems/2.3.0/cache/mail-2.4.4.gem

Library home page: http://rubygems.org/gems/mail-2.4.4.gem

Dependency Hierarchy:

  • rails-3.2.11.gem (Root Library)
    • actionmailer-3.2.11.gem
      • mail-2.4.4.gem (Vulnerable Library)

Vulnerability Details

Because the Mail Gem for Ruby does not validate or impose a length limit on email address fields, an attacker can modify messages sent with the gem via a specially-crafted recipient email address.

Publish Date: 2015-12-09

URL: WS-2015-0029

CVSS 2 Score Details (5.9)

Base Score Metrics not available

