RCE in Ruby Net-imap
CVE-2026-47242
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quot…
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- Ruby Net-imap — versions >= 0.6.0, < 0.6.4.1, < 0.5.15
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)