CVE-2013-2617 (curl): CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection

March 12th, 2013

ADVISORIES

CVE-2013-2617 (NVD)
OSVDB-91230

GEM

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

None.

DESCRIPTION

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.