ADVISORIES
- CVE-2013-2512 (NVD)
- GHSA-7vxr-6cxg-j3x8
- OSVDB-90784
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
CVSS v2.0: 9.0 (High)
PATCHED VERSIONS
- >= 0.2.2
DESCRIPTION
ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands.