RubySec

Providing security resources for the Ruby community

CVE-2013-1800 (crack): crack Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

ADVISORIES

GEM

crack

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • >= 0.3.2

DESCRIPTION

crack Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.