RubySec

Providing security resources for the Ruby community

CVE-2013-0285 (nori): Ruby Gem nori Parameter Parsing Remote Code Execution

ADVISORIES

GEM

nori

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • ~> 1.0.3
  • ~> 1.1.4
  • >= 2.0.2

DESCRIPTION

The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156.