Sha256: f0349c0067d1eba4026dacb6d67a36f5b701a733be1128103a0d87743a8e0243

Contents?: true

Size: 515 Bytes

Versions: 6

Compression:

Stored size: 515 Bytes

Contents

---
gem: spree
osvdb: 76011
url: https://spreecommerce.com/blog/remote-command-product-group
title: |
  Spree Search ProductScope Class search[send][] Parameter Arbitrary Command
  Execution
date: 2011-10-05
description: |
  The ProductScope class fails to properly sanitize user-supplied input via the
  'search[send][]' parameter resulting in arbitrary command execution. With a
  specially crafted request, a remote attacker can potentially cause arbitrary
  command execution.
patched_versions:
  - ">= 0.60.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/spree/OSVDB-76011.yml