Sha256: cec719a459acb25a4efd01bcd6b761df04a98ce50204df51260f22b726962d40

Contents?: true

Size: 518 Bytes

Versions: 5

Compression:

Stored size: 518 Bytes

Contents

---
gem: cremefraiche
cve: 2013-2090
osvdb: 93395
url: http://osvdb.org/show/osvdb/93395
title: Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
date: 2013-05-14
description: Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands
cvss_v2: 9.3
patched_versions:
  - ">= 0.6.1"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/cremefraiche/OSVDB-93395.yml