RubySec

Providing security resources for the Ruby community

CVE-2013-2615 (fastreader): fastreader Gem for Ruby URI Handling Arbitrary Command Injection

ADVISORIES

GEM

fastreader

SEVERITY

CVSS v2: 9.3 (High)

PATCHED VERSIONS

None.

DESCRIPTION

fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ‘;’ character. This may allow a context-dependent attacker to potentially execute arbitrary commands.