Sha256: ea866236e1fbac2a4f7eca917336bf6d81fa3ac195b046f9b2b03aa2b7e8a36b

Contents?: true

Size: 532 Bytes

Versions: 6

Compression:

Stored size: 532 Bytes

Contents

--- 
gem: spree
cve: 2013-1656
osvdb: 91219
url: http://osvdb.org/show/osvdb/91219
title: Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution
date: 2013-02-21
description: Spree contains a flaw that is triggered when handling input passed via the 'promotion_rule' parameter to promotion_rules_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
cvss_v2: 4.3
patched_versions: 

Version data entries

6 entries across 6 versions & 2 rubygems

Version                    Path
mrjoy-bundler-audit-0.3.2  data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
mrjoy-bundler-audit-0.3.1  data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
bundler-audit-0.3.0        data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
mrjoy-bundler-audit-0.2.1  data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
bundler-audit-0.2.0        data/ruby-advisory-db/gems/spree/OSVDB-91219.yml
mrjoy-bundler-audit-0.1.4  data/ruby-advisory-db/gems/spree/OSVDB-91219.yml