|Description||Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
The information below is based on the following data on fixed versions.
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
[wheezy] - ruby1.8 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)