High severityNVD Advisory· Published Jul 18, 2012· Updated Apr 29, 2026

CVE-2012-2140

Description

The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mailRubyGems	< 2.4.3	2.4.3

Affected products

RubyGems/Mail Gem3 versions
cpe:2.3:a:rubygems:mail_gem:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:rubygems:mail_gem:*:*:*:*:*:*:*:*range: <=2.4.1
- cpe:2.3:a:rubygems:mail_gem:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:mail_gem:2.3.3:*:*:*:*:*:*:*

Patches

39b590ddb08f

https://github.com/mikel/mailvia ghsa

commit

ac56f03bdfc3

https://github.com/mikel/mailvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0nvdExploitPatchWEB
github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2nvdExploitPatchWEB
secunia.com/advisories/48970nvdVendor Advisory
github.com/advisories/GHSA-rp63-jfmw-532wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-2140ghsaADVISORY
lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.htmlnvdWEB
lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.htmlnvdWEB
lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.htmlnvdWEB
www.openwall.com/lists/oss-security/2012/04/25/8nvdWEB
www.openwall.com/lists/oss-security/2012/04/26/1nvdWEB
bugzilla.novell.com/show_bug.cginvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB
github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdocnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.003
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000