CVEbaza.plSłownik CWECWE-162
Common Weakness Enumeration

CWE-162

Improper Neutralization of Trailing Special Elements

Kategoria: VariantCVE: 1
Opis

Produkt otrzymuje dane wejściowe z komponentu nadrzędnego, ale nie neutralizuje lub nieprawidłowo neutralizuje końcowe elementy specjalne, które mogą być interpretowane w nieoczekiwany sposób po wysłaniu do komponentu podrzędnego. Luka ta może prowadzić do bezpieczeństwa lub poprawności działania systemu.

Description (EN)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.

Podatności CVE z CWE-162 (1)
2.1
CVSS
LOW
CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15.

pub. 2026-06-22
Informacje
ID: CWE-162
Typ: Variant
Podatności: 1
MITRE CWE ↗
← Słownik CWE
CWE-162 — Niewłaściwa neutralizacja końcowych elementów specjalnych | Słownik CWE | CVEbaza.pl