Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution
Published: March 26, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-1898 (NVD)
- GHSA: GHSA-7fqj-cg79-f2pv
- OSVDB: OSVDB-91839
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands.