RubySec

Providing security resources for the Ruby community

CVE-2013-2617 (curl): Curl Gem for Ruby URI Handling Arbitrary Command Injection

ADVISORIES

GEM

curl

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

None.

DESCRIPTION

Curl Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via the URL. This may allow a context-dependent attacker to potentially execute arbitrary commands by injecting them via a semi-colon (;).