Sha256: 0fac3b4b22ce4a1a1a6c54758775f335cd38eb7b0b5d971e82051e7a07444a94

Contents?: true

Size: 592 Bytes

Versions: 5

Compression:

Stored size: 592 Bytes

Contents

---
gem: sprout
cve: 2013-6421
osvdb: 100598
url: http://www.osvdb.org/show/osvdb/100598
title: sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
date: 2013-12-02
description: |
  sprout Gem for Ruby contains a flaw in the unpack_zip() function in
  archive_unpacker.rb. The issue is due to the program failing to properly
  sanitize input passed via the 'zip_file', 'dir', 'zip_name', and 'output'
  parameters. This may allow a context-dependent attacker to execute arbitrary
  code.
cvss_v2: 7.5
unaffected_versions:
  - '< 0.7.246'

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml