« Several vulnerabilities in Rails 2 & 3 | Main | Ruby on Rails 3 Security Updated »
Wednesday
Jan262011

Vulnerability in the Mail gem affecting Rails 3.0.x applications

As the Ruby on Rails Security group announced today, there is a vulnerability in the sendmail delivery agent of the Mail gem that could allow an attacker to pass arbitrary commands to the system.

Versions Affected: Versions 2.2.14 or earlier
Not affected:        Any application not using sendmail delivery
Fixed Versions:     2.2.15 or later

More information in the original post in Ruby's mailer Group.

PrintView Printer Friendly Version

EmailEmail Article to Friend