Ruby Gem nori Parameter Parsing Remote Code Execution
Published: January 10, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0285 (NVD)
- GHSA: GHSA-4936-rj25-6wm6
- OSVDB: OSVDB-90196
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
~> 1.0.3
~> 1.1.4
>= 2.0.2
DESCRIPTION
The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156.