Sha256: ad075931db6f46e3ed4886157b18a5e42d7e1d1cd4333aca1178b56fe73e447e

Contents?: true

Size: 499 Bytes

Versions: 6

Compression:

Stored size: 499 Bytes

Contents

--- 
gem: rgpg
osvdb: 95948
url: http://www.osvdb.org/show/osvdb/95948
title: Ruby rgpg Gem Shell Command Injection Vulnerabilities
date: 2013-08-02
description: |
  rgpg Gem for Ruby contains a flaw in the GpgHelper module (lib/rgpg/gpg_helper.rb).
  The issue is due to the program failing to properly sanitize user-supplied input before being used in the system() function for execution.
  This may allow a remote attacker to execute arbitrary commands.
cvss_v2:
patched_versions: 
  - ">= 0.2.3"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml