---
gem: sprout
cve: 2013-6421
osvdb: 100598
url: https://nvd.nist.gov/vuln/detail/CVE-2013-6421
title: sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
date: 2013-12-02
description: |
  sprout Gem for Ruby contains a flaw in the unpack_zip() function in
  archive_unpacker.rb. The issue is due to the program failing to properly
  sanitize input passed via the 'zip_file', 'dir', 'zip_name', and 'output'
  parameters. This may allow a context-dependent attacker to execute arbitrary
  code.
cvss_v2: 7.5
unaffected_versions:
  - '< 0.7.246'