Sha256: 986b68de243110c8ab0c51ccf370621ff6684a2870922a4925450a9080093e6e

Contents?: true

Size: 518 Bytes

Versions: 3

Compression:

Stored size: 518 Bytes

Contents

--- 
gem: rgpg
osvdb: 95948
cve: 2013-4203
url: http://www.osvdb.org/show/osvdb/95948
title: Ruby rgpg Gem Shell Command Injection Vulnerabilities
date: 2013-08-02
description: |
  rgpg Gem for Ruby contains a flaw in the GpgHelper module (lib/rgpg/gpg_helper.rb).
  The issue is due to the program failing to properly sanitize user-supplied input before being used in the system() function for execution.
  This may allow a remote attacker to execute arbitrary commands.
cvss_v2: 7.5
patched_versions: 
  - ">= 0.2.3"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml