Welcome

The Ruby on Rails Security Project would like to help you make your Rails applications more secure. I'm Heiko Webers of bauland42 and I also do Rails security audits. You read the official Rails Security Guide? Great, so we know each other already, I wrote it. Contact me at 42 -the AT sign- bauland42.de or on Twitter.

Do you have a Rails security strategy?
Here's the new complete Rails guide to developing an overall security strategy. If you sign up today, I’ll give it to you for free.

Search
Feeds / Syndication
Most Popular
This site is currently being updated to be more useful, enter your email to be notified

« Several vulnerabilities in Rails 2 & 3 | Main | Ruby on Rails 3 Security Updated »
Wednesday
Jan262011

Vulnerability in the Mail gem affecting Rails 3.0.x applications

As the Ruby on Rails Security group announced today, there is a vulnerability in the sendmail delivery agent of the Mail gem that could allow an attacker to pass arbitrary commands to the system.

Versions Affected: Versions 2.2.14 or earlier
Not affected:        Any application not using sendmail delivery
Fixed Versions:     2.2.15 or later

More information in the original post in Ruby's mailer Group.

PrintView Printer Friendly Version

EmailEmail Article to Friend