---
gem: multi_xml
cve: 2013-0175
osvdb: 89148
url: https://nvd.nist.gov/vuln/detail/CVE-2013-0175
title: multi_xml Gem for Ruby XML Parameter Parsing Remote Command Execution 
date: 2013-01-11

description: |
  The multi_xml Gem for Ruby contains a flaw that is triggered when an error
  occurs during the parsing of the 'XML' parameter. With a crafted request
  containing arbitrary symbol and yaml types, a remote attacker can execute
  arbitrary commands.

patched_versions:
  - ">= 0.5.2"