RubySec

Providing security resources for the Ruby community

CVE-2013-2516 (fileutils): fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution

GEM

fileutils

SEVERITY

CVSS v3.x: 8.8 (High)

PATCHED VERSIONS

  • >= 0.7.1

DESCRIPTION

The fileutils gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when the gem handles a specially crafted URL that contains a command after a delimiter (;), which may allow a remote attacker to execute arbitrary commands.
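
The bug class described above, shown as an added example that is not the gem's own code (the advisory does not reproduce file_utils.rb). It assumes the URL ends up in a shell command line; the helper names are hypothetical, echo stands in for the external program, and the URL is constructed sample input.

```ruby
require "open3"
require "shellwords"

# Constructed sample input: a URL followed by a second command after ";".
CRAFTED_URL = "http://example.test/a.zip; echo INJECTED"

# Weak pattern (hypothetical helper): the URL is interpolated into one
# command string. Ruby hands a single string containing metacharacters to
# /bin/sh, which treats ";" as a command separator and runs what follows.
def fetch_via_shell_string(url)
  out, _status = Open3.capture2("echo fetching #{url}")
  out
end

# Hardened pattern: every argument is passed separately, so Ruby executes
# the program directly and no shell ever parses the URL.
def fetch_via_argv(url)
  out, _status = Open3.capture2("echo", "fetching", url)
  out
end

# Fallback when a shell string cannot be avoided: quote the untrusted value
# so the shell sees it as one literal word.
def fetch_via_escaped_string(url)
  out, _status = Open3.capture2("echo fetching #{Shellwords.escape(url)}")
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string:   #{fetch_via_shell_string(CRAFTED_URL).inspect}"
  puts "argv form:      #{fetch_via_argv(CRAFTED_URL).inspect}"
  puts "escaped string: #{fetch_via_escaped_string(CRAFTED_URL).inspect}"
end
```

Only the first helper emits a separate INJECTED line; in the other two the whole URL, delimiter included, arrives at the program as a single argument.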