flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Published: March 04, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2513 (NVD)
- GHSA: GHSA-6325-6g32-7p35
- OSVDB: OSVDB-90829
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
None available.
DESCRIPTION
flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.