Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
Published: May 14, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2090 (NVD)
- GHSA: GHSA-m6f7-46hw-grcj
- OSVDB: OSVDB-93395
GEM
SEVERITY
CVSS v2.0: 9.3 (High)
PATCHED VERSIONS
>= 0.6.1
DESCRIPTION
Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands