Nixpkgs security tracker

Published

Permalink CVE-2026-42246

7.6 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
4 packages
- perlPackages.NetIMAPClient
- perl5Packages.NetIMAPClient
- perl538Packages.NetIMAPClient
- perl540Packages.NetIMAPClient
4 hours ago
@LeSuisse ignored
6 references
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.

References

https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp x_refsource_CONFIRM
https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da x_refsource_MISC

Ignored references (6)

https://github.com/ruby/net-imap/releases/tag/v0.3.10 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c x_refsource_MISC
https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618 x_refsource_MISC
https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e x_refsource_MISC

Affected products

net-imap

==>= 0.4.0, < 0.4.24
==>= 0.6.0, < 0.6.4
==< 0.3.10
==>= 0.5.0, < 0.5.14

Matching in nixpkgs

pkgs.rubyPackages.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_3.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_4.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_4_0.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

Ignored packages (4)

pkgs.perlPackages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507
nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl5Packages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507

pkgs.perl538Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl540Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

Published

Permalink CVE-2026-42245

2.3 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
4 packages
- perlPackages.NetIMAPClient
- perl5Packages.NetIMAPClient
- perl538Packages.NetIMAPClient
- perl540Packages.NetIMAPClient
4 hours ago
@LeSuisse ignored
5 references
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

References

https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw x_refsource_CONFIRM
https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96 x_refsource_MISC

Ignored references (5)

https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC
https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda x_refsource_MISC

Affected products

net-imap

==< 0.4.24
==>= 0.6.0, < 0.6.4
==>= 0.5.0, < 0.5.14

Matching in nixpkgs

pkgs.rubyPackages.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_3.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_4.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_4_0.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

Ignored packages (4)

pkgs.perlPackages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507
nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl5Packages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507

pkgs.perl538Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl540Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

Published

Permalink CVE-2026-42257

5.8 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
4 packages
- perlPackages.NetIMAPClient
- perl5Packages.NetIMAPClient
- perl538Packages.NetIMAPClient
- perl540Packages.NetIMAPClient
4 hours ago
@LeSuisse ignored
2 references
- https://github.com/ruby/net-imap/releas…
- https://github.com/ruby/net-imap/releas…
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

net-imap: Command Injection via "raw" arguments to multiple commands

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

References

https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg x_refsource_CONFIRM
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC

Ignored references (2)

https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC

Affected products

net-imap

==< 0.4.24
==>= 0.6.0, < 0.6.4
==>= 0.5.0, < 0.5.14

Matching in nixpkgs

pkgs.rubyPackages.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_3.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_4.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_4_0.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

Ignored packages (4)

pkgs.perlPackages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507
nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl5Packages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507

pkgs.perl538Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl540Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

Published

Permalink CVE-2026-42256

6.0 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
4 packages
- perlPackages.NetIMAPClient
- perl538Packages.NetIMAPClient
- perl540Packages.NetIMAPClient
- perl5Packages.NetIMAPClient
4 hours ago
@LeSuisse ignored
4 references
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

References

https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7 x_refsource_CONFIRM
https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC

Ignored references (4)

https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612 x_refsource_MISC
https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758 x_refsource_MISC

Affected products

net-imap

==>= 0.6.0, < 0.6.4
==>= 0.4.0, < 0.4.24
==>= 0.5.0, < 0.5.14

Matching in nixpkgs

pkgs.rubyPackages.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_3.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_4.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_4_0.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

Ignored packages (4)

pkgs.perlPackages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507
nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl5Packages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507

pkgs.perl538Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl540Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

Published

Permalink CVE-2026-42258

5.8 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
2 references
- https://github.com/ruby/net-imap/releas…
- https://github.com/ruby/net-imap/releas…
4 hours ago
@LeSuisse ignored
4 packages
- perl540Packages.NetIMAPClient
- perl538Packages.NetIMAPClient
- perl5Packages.NetIMAPClient
- perlPackages.NetIMAPClient
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

net-imap: Command Injection via unvalidated Symbol inputs

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

References

https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px x_refsource_CONFIRM
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC

Ignored references (2)

https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC

Affected products

net-imap

==< 0.4.24
==>= 0.6.0, < 0.6.4
==>= 0.5.0, < 0.5.14

Matching in nixpkgs

pkgs.rubyPackages.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_3.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_3_4.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

pkgs.rubyPackages_4_0.net-imap

None

nixos-unstable 0.5.12
- nixpkgs-unstable 0.5.12
- nixos-unstable-small 0.5.12
nixos-25.11 0.5.12
- nixos-25.11-small 0.5.12
- nixpkgs-25.11-darwin 0.5.12

Ignored packages (4)

pkgs.perlPackages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507
nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl5Packages.NetIMAPClient

Not so simple IMAP client library

nixos-unstable 0.9507
- nixpkgs-unstable 0.9507
- nixos-unstable-small 0.9507

pkgs.perl538Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

pkgs.perl540Packages.NetIMAPClient

Not so simple IMAP client library

nixos-25.11 0.9507
- nixos-25.11-small 0.9507
- nixpkgs-25.11-darwin 0.9507

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.net-imap

pkgs.rubyPackages_3_3.net-imap

pkgs.rubyPackages_3_4.net-imap

pkgs.rubyPackages_4_0.net-imap

pkgs.perlPackages.NetIMAPClient

pkgs.perl5Packages.NetIMAPClient

pkgs.perl538Packages.NetIMAPClient

pkgs.perl540Packages.NetIMAPClient

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.net-imap

pkgs.rubyPackages_3_3.net-imap

pkgs.rubyPackages_3_4.net-imap

pkgs.rubyPackages_4_0.net-imap

pkgs.perlPackages.NetIMAPClient

pkgs.perl5Packages.NetIMAPClient

pkgs.perl538Packages.NetIMAPClient

pkgs.perl540Packages.NetIMAPClient

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.net-imap

pkgs.rubyPackages_3_3.net-imap

pkgs.rubyPackages_3_4.net-imap

pkgs.rubyPackages_4_0.net-imap

pkgs.perlPackages.NetIMAPClient

pkgs.perl5Packages.NetIMAPClient

pkgs.perl538Packages.NetIMAPClient

pkgs.perl540Packages.NetIMAPClient

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.net-imap

pkgs.rubyPackages_3_3.net-imap

pkgs.rubyPackages_3_4.net-imap

pkgs.rubyPackages_4_0.net-imap

pkgs.perlPackages.NetIMAPClient

pkgs.perl5Packages.NetIMAPClient

pkgs.perl538Packages.NetIMAPClient

pkgs.perl540Packages.NetIMAPClient

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.net-imap

pkgs.rubyPackages_3_3.net-imap

pkgs.rubyPackages_3_4.net-imap

pkgs.rubyPackages_4_0.net-imap

pkgs.perlPackages.NetIMAPClient

pkgs.perl5Packages.NetIMAPClient

pkgs.perl538Packages.NetIMAPClient

pkgs.perl540Packages.NetIMAPClient