RubySec

Providing security resources for the Ruby community

CVE-2013-1802 (extlib): extlib Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

Published: January 08, 2013

SECURITY IDENTIFIERS

GEM

extlib

SEVERITY

CVSS v2.0: 9.3 (High)

PATCHED VERSIONS

>= 0.9.16

DESCRIPTION

The extlib gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to execute arbitrary code.
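
A check for the affected versions, as an added example (not part of the RubySec advisory or the extlib project): it reads the text of a `Gemfile.lock` and reports whether the locked extlib version is below the patched 0.9.16. The sample lockfile, the gem name `examplegem`, and the helper names `locked_version` and `extlib_status` are constructed for illustration.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# Gem name and first patched version, taken from the advisory above.
ADVISORY_GEM = "extlib"
FIRST_PATCHED = Gem::Version.new("0.9.16")

# Constructed sample Gemfile.lock (hypothetical project, not real data).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.0.0)
        extlib (~> 0.9.15)
      extlib (0.9.15)

  DEPENDENCIES
    examplegem
LOCK

# Return the resolved version of `name` from Gemfile.lock text, or nil.
# Resolved specs sit at exactly four spaces under "specs:"; deeper lines
# are dependency constraints (e.g. "~> 0.9.15") and must not be matched.
def locked_version(lockfile_text, name)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif in_specs && line =~ /\A    (\S+) \(([^)]+)\)\z/
      return Gem::Version.new($2.split("-").first) if $1 == name
    elsif in_specs && line !~ /\A {4,}\S/
      in_specs = false # blank or outdented line ends the specs section
    end
  end
  nil
end

# :not_present, :vulnerable (< 0.9.16) or :patched (>= 0.9.16).
def extlib_status(lockfile_text)
  version = locked_version(lockfile_text, ADVISORY_GEM)
  return :not_present if version.nil?
  version < FIRST_PATCHED ? :vulnerable : :patched
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts "#{ADVISORY_GEM}: #{extlib_status(text)}"
end
```

Pass the path to a project's `Gemfile.lock` as the first argument to check that project instead of the built-in sample.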