Sha256: 50a26f575b03a92392df954b898546e37763abb786209a087df86f6cb4654de4

Contents?: true

Size: 520 Bytes

Versions: 9

Compression:

Stored size: 520 Bytes

Contents

--- 
gem: thumbshooter
cve: 2013-1898
osvdb: 91839
url: http://osvdb.org/show/osvdb/91839
title: Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution
date: 2013-03-26
description: Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands.
cvss_v2: 7.5
patched_versions:

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/thumbshooter/OSVDB-91839.yml