ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution
Published: April 01, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-1911 (NVD)
- GHSA: GHSA-g266-3crh-h7gj
- OSVDB: OSVDB-91870
GEM
SEVERITY
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
None available.
DESCRIPTION
The ldoce gem for Ruby contains a flaw that is triggered when it handles a specially crafted URL or filename for an MP3 file that has shell metacharacters injected into it. This may allow a context-dependent attacker to execute arbitrary commands.
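With no patched version available, callers that must hand an MP3 URL to an external program can avoid this class of flaw by validating the URL and passing it as a separate argv element. The Ruby sketch below is an added example, not the gem's code; the player name `mp3-player`, the allowlist policy and the sample hostnames are assumptions made for illustration.

```ruby
require "uri"
require "open3"
require "rbconfig"

PLAYER = "mp3-player" # hypothetical binary; the advisory does not name the command

# Pattern behind this class of flaw (shown only as a comment, never run here):
#   system("#{PLAYER} #{url}")
# A single command string containing ; | & $ ` is handed to /bin/sh,
# which parses those characters as shell syntax.

# Assumed policy: plain hostnames, and paths made of letters, digits and . _ ~ - /
SAFE_HOST = /\A[A-Za-z0-9.-]+\z/
SAFE_PATH = %r{\A/[A-Za-z0-9._~/-]+\.mp3\z}

# Return the URL if it is an http(s) MP3 URL matching the allowlist,
# otherwise raise ArgumentError.
def validated_mp3_url(raw)
  uri = URI.parse(raw.to_s)
  ok = uri.is_a?(URI::HTTP) && uri.host.to_s.match?(SAFE_HOST) &&
       uri.userinfo.nil? && uri.query.nil? && uri.fragment.nil? &&
       uri.path.match?(SAFE_PATH)
  raise ArgumentError, "rejected MP3 URL" unless ok
  uri.to_s
rescue URI::InvalidURIError
  raise ArgumentError, "rejected MP3 URL"
end

# Hardened invocation: one argv element per argument, so no shell parses the URL.
# Pass the result as system(*player_argv(url)).
def player_argv(raw)
  [PLAYER, validated_mp3_url(raw)]
end

# Shows the argv property with the Ruby interpreter standing in for the player:
# the child receives the argument byte for byte, metacharacters included.
def received_by_child(arg)
  out, _status = Open3.capture2(RbConfig.ruby, "-e", "print ARGV[0]", "--", arg)
  out
end

if __FILE__ == $PROGRAM_NAME
  sample = "word.mp3; echo INJECTED" # constructed input
  puts "child saw: #{received_by_child(sample).inspect}"
end
```

Validation here is defence in depth; the argv form is what keeps the input away from a shell parser.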
