Sha256: bda6c9a1408888abcadc33ba5b4f78a735c83e28d9447d9889f0df49e73dba7f

Contents?: true

Size: 477 Bytes

Versions: 6

Compression:

Stored size: 477 Bytes

Contents

---
gem: flavour_saver
osvdb: 110796
url: http://osvdb.org/show/osvdb/110796
title: |
  FlavourSaver handlebars helper remote code execution.
date: 2014-09-04
description: |
  FlavourSaver contains a flaw in helper method dispatch where it uses
  Kernel::send to call helpers without checking that they are defined
  within the template context first.  This allows expressions such as
  {{system "ls"}} or {{eval "puts 1 + 1"}} to be executed.
patched_versions:
  - ">= 0.3.3"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml