Sha256: 82d844cfbf37f3a036c36ded013879ce4385785a756060bd56f3b690376895c5

Contents?: true

Size: 547 Bytes

Versions: 6

Compression:

Stored size: 547 Bytes

Contents

---
gem: refile
osvdb: 120857
url: https://groups.google.com/forum/#!topic/ruby-security-ann/VIfMO2LvzNs
title: refile Gem for Ruby contains a remote code execution vulnerability
date: 2015-04-15
description: |
  refile Gem for Ruby contains a flaw that is triggered when input is not
  sanitized when handling the 'remote_image_url' field in a form, where
  'image' is the name of the attachment. This may allow a remote attacker
  to execute arbitrary shell commands.
cvss_v2:
unaffected_versions:
  - "< 0.5.0"
patched_versions:
  - '>= 0.5.4'

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/refile/OSVDB-120857.yml