RubySec

Providing security resources for the Ruby community

CVE-2013-2513 (flash_tool): flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution

GEM

flash_tool

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

None.

DESCRIPTION

The flash_tool gem for Ruby contains a flaw that is triggered when it handles downloaded files that contain shell metacharacters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
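Since no patched version is listed, callers that must run an external tool on an untrusted file name have to avoid the shell themselves. The following is an added example, not code from flash_tool or from this advisory: it contrasts the general vulnerable pattern (a name interpolated into a command string) with argument-vector invocation. `echo` stands in for the external tool, and the sample name, method names and allowlist pattern are assumptions made for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed sample: a downloaded file name carrying shell metacharacters.
# The trailing command is a harmless echo so its effect shows in the output.
UNTRUSTED_NAME = "movie.swf; echo INJECTED"

# Vulnerable pattern: the name is interpolated into a single command string.
# Ruby hands a string containing metacharacters to /bin/sh, which treats
# ";" as a command separator and runs whatever follows it.
def run_interpolated(name)
  out, _status = Open3.capture2("echo #{name}")
  out
end

# Hardened pattern: program and arguments are passed separately, so no shell
# is started and the name reaches the program as exactly one argument.
def run_argv(name)
  out, _status = Open3.capture2("echo", name)
  out
end

# Fallback when a shell string cannot be avoided: quote the name first.
def run_escaped(name)
  out, _status = Open3.capture2("echo #{Shellwords.escape(name)}")
  out
end

# Defence in depth: reject names outside a conservative allowlist before
# they reach any command line (this pattern is an assumption, tune as needed).
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

def safe_name?(name)
  SAFE_NAME.match?(name)
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(UNTRUSTED_NAME).inspect}"
  puts "argv form:    #{run_argv(UNTRUSTED_NAME).inspect}"
  puts "escaped:      #{run_escaped(UNTRUSTED_NAME).inspect}"
  puts "allowlisted?  #{safe_name?(UNTRUSTED_NAME)}"
end
```

A second output line from the interpolated call means the shell executed part of the file name; the argv and escaped forms return the name unchanged as data.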