Sha256: 8332686ab5944f47bd6634bf9ae5d5471cf1e5811fcb3d32b9b92c431b603116

Contents?: true

Size: 481 Bytes

Versions: 14

Compression:

Stored size: 481 Bytes

Contents

---
gem: multi_xml
cve: 2013-0175
osvdb: 89148
url: http://osvdb.org/show/osvdb/89148
title: multi_xml Gem for Ruby XML Parameter Parsing Remote Command Execution 
date: 2013-01-11

description: |
  The multi_xml Gem for Ruby contains a flaw that is triggered when an error
  occurs during the parsing of the 'XML' parameter. With a crafted request
  containing arbitrary symbol and yaml types, a remote attacker can execute
  arbitrary commands.

patched_versions:
  - ">= 0.5.2"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml