RubySec

Providing security resources for the Ruby community

CVE-2013-2512 (ftpd): ftpd Gem for Ruby Shell Character Handling Remote Command Injection

Published: February 28, 2013

SECURITY IDENTIFIERS

GEM

ftpd

SEVERITY

CVSS v3.x: 9.8 (Critical)

CVSS v2.0: 9.0 (High)

PATCHED VERSIONS

>= 0.2.2

DESCRIPTION

ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands.
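The advisory does not show the affected ftpd code. The following is an added illustration of the bug class it describes (a client-supplied filename reaching a shell), written for this page and not taken from the ftpd gem: the interpolation pattern that lets shell characters be interpreted, beside the argument-vector form that passes the name as a single argv entry, plus an allow-list check a server can apply before any such call. The directory, filenames and the use of `ls` are constructed for the demo.

```ruby
require "open3"
require "tmpdir"

# VULNERABLE pattern (constructed, not ftpd's code): the command line is built by
# string interpolation and handed to /bin/sh, so ';', '|', '`', '$(' and similar
# characters in a client-supplied name are interpreted by the shell.
def list_unsafe(dir, name)
  `cd #{dir} && ls -l #{name}`   # DO NOT USE: shell characters in name are executed
end

# HARDENED pattern 1: argument-vector form. No shell is involved; each element is
# one argv entry, so a name containing ';' is merely a filename that does not exist.
# "--" additionally stops a name such as "-la" being parsed as options.
def list_safe(dir, name)
  out, status = Open3.capture2("ls", "-l", "--", name, chdir: dir)
  [status.success?, out]
end

# Characters an FTP server has no reason to accept in a bare filename argument.
SHELL_META = /[;&|`$<>(){}\[\]*?~\\"'\n\s]/

# HARDENED pattern 2: reject suspicious names up front, as defence in depth for any
# code path that might still reach a shell (and log the rejection for detection).
def acceptable_name?(name)
  !name.empty? && !name.include?("/") && !name.match?(SHELL_META)
end

# Runs the safe variants against a scratch directory holding one real file.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "a.txt"), "hello")
    plain_ok, _ = list_safe(dir, "a.txt")
    meta_ok, _  = list_safe(dir, "a.txt;b")   # constructed name with a metacharacter
    { plain: plain_ok, meta: meta_ok, check: acceptable_name?("a.txt;b") }
  end
end
```

With the argv form the metacharacter name simply fails the `ls` lookup (`meta: false`) instead of being interpreted, and the allow-list check rejects it before any command runs.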