ADVISORIES
- CVE-2013-0175 (NVD)
- GHSA-pchc-949f-53m5
- OSVDB-89148
GEM
PATCHED VERSIONS
- >= 0.5.2
DESCRIPTION
The multi_xml Gem for Ruby contains a flaw that is triggered when an error occurs during the parsing of the ‘XML’ parameter. With a crafted request containing arbitrary symbol and yaml types, a remote attacker can execute arbitrary commands.