ADVISORIES

• CVE-2013-1898 (NVD)
• GHSA-7fqj-cg79-f2pv
• OSVDB-91839

GEM

thumbshooter

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

None.

DESCRIPTION

Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands.