Sha256: 4858d17c51ee01511bd6a46b994b489b8b63b3066c613a6a4c2de3062358c7ec

Contents?: true

Size: 533 Bytes

Versions: 3

Compression:

Stored size: 533 Bytes

Contents

---
gem: sprout
cve: 2013-6421
osvdb: 100598
url: http://www.osvdb.org/show/osvdb/100598
title: Sprout Gem for Ruby contains a flaw
date: 2013-12-02
description: sprout Gem for Ruby contains a flaw in the unpack_zip() function in archive_unpacker.rb.
  The issue is due to the program failing to properly sanitize input passed via the 'zip_file', 'dir',
  'zip_name', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code.
cvss_v2: 7.5
patched_versions: 
unaffected_versions:
  - '< 0.7.246'

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/sprout/OSVDB-100598.yml