ADVISORIES

• CVE-2013-1911 (NVD)
• GHSA-g266-3crh-h7gj
• OSVDB-91870

GEM

ldoce

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

ldoce Gem for Ruby contains a flaw that is triggered during the handling of a specially crafted URL or filename for MP3 files that have shell metacharacters injected in to it. This may allow a context-dependent attacker to execute arbitrary commands.