Net::IMAP: Command injection via non-synchronizing literals
Summary
Net::IMAP: Command injection via non-synchronizing literals. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-93. Red Hat lists fixing advisory RHSA-2026:33721 with package ruby3-3-main-3.3.10-23.2.hum1.
- < 0.6.5
- < 0.5.15
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- ruby3-3-main-3.3.10-23.2.hum1
- RHSA-2026:33721
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Explicitly validate user-controlled inputs to prevent embedded non-synchronizing literals unless the server supports them. For a simpler, more cautious approach: all embedded literals can be unconditionally prohibited, by checking that string inputs do not contain any CR or LF bytes.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.