Sha256: 206cfdf3874fbdb551742926d62e57b47196b1a658293d3ecf3b6fe89454ed79

Contents?: true

Size: 537 Bytes

Versions: 3

Compression:

Stored size: 537 Bytes

Contents

---
gem: spree
cve: 2013-1656
osvdb: 91218
url: http://osvdb.org/show/osvdb/91218
title: Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution
date: 2013-02-21
description: Spree contains a flaw that is triggered when handling input passed via the 'calculator_type' parameter to promotions_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
cvss_v2: 4.3
patched_versions:
  - ">= 2.0.0"

Version data entries

3 entries across 3 versions & 2 rubygems

Version                      Path
bundler-audit-0.4.0          data/ruby-advisory-db/gems/spree/OSVDB-91218.yml
bundler-audit-0.3.1          data/ruby-advisory-db/gems/spree/OSVDB-91218.yml
mrjoy-bundler-audit-0.3.3    data/ruby-advisory-db/gems/spree/OSVDB-91218.yml