fastreader Gem for Ruby URI Handling Arbitrary Command Injection
Published: March 13, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2615 (NVD)
- GHSA: GHSA-w248-xr37-jx8m
- OSVDB: OSVDB-91232
GEM
SEVERITY
CVSS v2.0: 9.3 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands.