Sha256: 231be56c4b104abc438b80c064c485aee78f98f42c587c744fe962d8bd5def17

Contents?: true

Size: 516 Bytes

Versions: 9

Compression:

Stored size: 516 Bytes

Contents

--- 
gem: cremefraiche
cve: 2013-2090
osvdb: 93395
url: http://osvdb.org/show/osvdb/93395
title: Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
date: 2013-05-14
description: Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands
cvss_v2: 
patched_versions: 
  - ">= 0.6.1"

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml