CVE-2013-2516 (fileutils): fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution

February 28th, 2013

ADVISORIES

CVE-2013-2516 (NVD)
OSVDB-90717

GEM

PATCHED VERSIONS

>= 0.7.1

DESCRIPTION

fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands.

RubySec

CVE-2013-2516 (fileutils): fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution

ADVISORIES

GEM

PATCHED VERSIONS

DESCRIPTION

Recent Advisories