Sha256: 9b73b2a8840a52bc1c0327c2b4af0cca70a9fd021746b0a1a2af171ca606a885

Contents?: true

Size: 501 Bytes

Versions: 9

Compression:

Stored size: 501 Bytes

Contents

--- 
gem: command_wrap
cve: 2013-1875
osvdb: 91450
url: http://osvdb.org/show/osvdb/91450
title: command_wrap Gem for Ruby URI Handling Arbitrary Command Injection
date: 2013-03-18
description: command_wrap Gem for Ruby contains a flaw that is triggered during the handling of input passed via the URL that contains a semicolon character (;). This will allow a remote attacker to inject arbitrary commands and have them executed in the context of the user clicking it.
cvss_v2: 7.5
patched_versions:

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/command_wrap/OSVDB-91450.yml