RubySec

Providing security resources for the Ruby community

CVE-2013-1802 (extlib): extlib Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

GEM

extlib

SEVERITY

CVSS v2.0: 9.3 (High)

PATCHED VERSIONS

  • >= 0.9.16

DESCRIPTION

The extlib gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to execute arbitrary code.
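
To check whether a bundle resolves to an affected release, the following added example (not RubySec's or the extlib project's code) parses a Gemfile.lock and compares the locked extlib version against the patched range above. The lockfile excerpt, the `sample-orm` gem and the function names are constructed for illustration.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt (sample input, not from the advisory).
# "sample-orm" is a hypothetical gem that pulls in extlib.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      extlib (0.9.15)
      rake (10.0.3)
      sample-orm (1.0.0)
        extlib (~> 0.9.15)

  PLATFORMS
    ruby

  DEPENDENCIES
    sample-orm
LOCK

# From the advisory: gem name and patched versions.
ADVISORY = { gem: "extlib", patched: Gem::Requirement.new(">= 0.9.16") }.freeze

# Return { name => Gem::Version } for every resolved gem in the lockfile.
# Resolved specs sit four spaces deep as "name (version[-platform])";
# six-space lines are dependency constraints and are skipped.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # blank line or new section header ends the specs list
    elsif in_specs && (m = line.match(/\A    (\S+) \((\d[^\s)-]*)(?:-[^)]+)?\)\z/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
  versions
end

# true = locked below the patched range, false = patched, nil = gem not in bundle.
def affected?(lock_text, advisory = ADVISORY)
  version = locked_versions(lock_text)[advisory[:gem]]
  return nil if version.nil?
  !advisory[:patched].satisfied_by?(version)
end
```

Call `affected?(File.read("Gemfile.lock"))` in a CI step; a `true` result means the bundle should be updated to extlib 0.9.16 or later.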