ADVISORIES
- CVE-2013-1875 (NVD)
- GHSA-p673-hjf2-pwfr
- OSVDB-91450
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
None.
DESCRIPTION
The command_wrap gem for Ruby contains a flaw that is triggered when it handles input passed via a URL that contains a semicolon character (;). This allows a remote attacker to inject arbitrary commands and have them executed in the context of the user clicking it.
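
The class of flaw described above, shown as an added example that is not the command_wrap gem's own code: a URL interpolated into a shell string next to the same call made with separate argv entries, plus a URL check showing why validation alone does not cover the semicolon. The function names and the sample URL are constructed for illustration, and `echo` stands in for whatever external program a wrapper would launch.

```ruby
require "open3"
require "uri"

# Constructed sample input: a URL carrying a semicolon, as the advisory
# describes. The text after the semicolon is a harmless echo marker.
SAMPLE_URL = "http://example.test/page;echo INJECTED"

# Hypothetical wrapper, vulnerable form: the URL is interpolated into a
# string that /bin/sh parses, so ';' ends the first command and starts a
# second one.
def run_interpolated(url)
  `echo #{url}`.lines.map(&:chomp)
end

# Hardened form: program and arguments are passed as separate argv entries,
# so no shell parses the URL and it stays a single argument.
def run_argv(url)
  out, status = Open3.capture2("echo", url)
  raise "command failed" unless status.success?
  out.lines.map(&:chomp)
end

# Defence in depth: accept only absolute http(s) URLs with a host.
# A semicolon is legal inside a URL path, so this check cannot replace
# the argv form above.
def valid_url?(url)
  uri = URI.parse(url)
  uri.is_a?(URI::HTTP) && !uri.host.nil? && !uri.host.empty?
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(SAMPLE_URL).inspect}"
  puts "argv form:    #{run_argv(SAMPLE_URL).inspect}"
  puts "valid_url?:   #{valid_url?(SAMPLE_URL)}"
end
```

The interpolated form returns two output lines because the shell ran two commands; the argv form returns the URL unchanged as one line.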