CVE-2013-2090 (cremefraiche): Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

May 14th, 2013

ADVISORIES

CVE-2013-2090 (NVD)
GHSA-m6f7-46hw-grcj
OSVDB-93395

GEM

cremefraiche

SEVERITY

CVSS v2.0: 9.3 (High)

PATCHED VERSIONS

>= 0.6.1

DESCRIPTION

Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands

RubySec

CVE-2013-2090 (cremefraiche): Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories