RubySec

Providing security resources for the Ruby community

CVE-2013-2512 (ftpd): ftpd Gem for Ruby Shell Character Handling Remote Command Injection

ADVISORIES

GEM

ftpd

SEVERITY

CVSS v2: 9.0

PATCHED VERSIONS

  • >= 0.2.2

DESCRIPTION

ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands.
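
To check whether a project is affected, the added example below (not part of the advisory or of the ftpd project) reads a Gemfile.lock and compares the resolved ftpd version against the patched range listed above. The sample lockfile, the `example_dep` gem and the helper names are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Advisory data taken from this page.
ADVISORY = {
  id: "CVE-2013-2512",
  gem: "ftpd",
  patched: Gem::Requirement.new(">= 0.2.2"),
}.freeze

# Constructed sample Gemfile.lock (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ftpd (0.2.1)
        example_dep (~> 1.0)
      example_dep (1.0.1)

  DEPENDENCIES
    ftpd
LOCK

# Return the resolved Gem::Version of gem_name, or nil if it is not locked.
# Resolved gems sit at exactly four spaces under "specs:"; their dependency
# constraints are indented six spaces and are skipped. Platform suffixes
# such as "-x86_64-linux" are dropped before parsing the version.
def locked_version(lock_text, gem_name)
  in_specs = false
  lock_text.each_line do |line|
    case line
    when /\A  specs:\s*\z/ then in_specs = true
    when /\A\S/            then in_specs = false # next top-level section
    when /\A {4}(\S+) \((\d[^)\s\-]*)/
      return Gem::Version.new($2) if in_specs && $1 == gem_name
    end
  end
  nil
end

# Classify a lockfile as :not_present, :patched or :vulnerable.
def check_ftpd(lock_text)
  version = locked_version(lock_text, ADVISORY[:gem])
  return :not_present if version.nil?
  ADVISORY[:patched].satisfied_by?(version) ? :patched : :vulnerable
end

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "#{ADVISORY[:id]} #{ADVISORY[:gem]}: #{check_ftpd(text)}"
end
```

Pass the path to a real Gemfile.lock as the first argument; with no argument the script evaluates the constructed sample.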