RubySec

Providing security resources for the Ruby community

CVE-2013-2617 (curl): CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection

Published: March 12, 2013

SECURITY IDENTIFIERS

GEM

curl

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

None available.

DESCRIPTION

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
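
The class of bug described above, as an added example (not code from the curl gem, whose source is not shown on this page): a URL interpolated into a shell command string, beside the argv form that keeps it a single argument. `echo` stands in for the curl binary so the example runs offline; the method names and the sample URL are constructed for illustration.

```ruby
require "open3"
require "uri"

# Constructed sample input: a URL-shaped string carrying a shell metacharacter.
HOSTILE_URL = "http://example.test/a;echo INJECTED"

# Vulnerable pattern: the URL is interpolated into one command string.
# Ruby hands a single string containing metacharacters to /bin/sh, so ';'
# ends the first command and the rest runs as a second one.
# `tool` defaults to echo (a stand-in for curl, an assumption of this example).
def run_interpolated(url, tool: "echo")
  out, _status = Open3.capture2("#{tool} #{url}")
  out
end

# Hardened pattern: program and URL are separate arguments. With more than
# one argument Open3 executes the program directly and no shell parses the URL.
def run_argv(url, tool: "echo")
  out, _status = Open3.capture2(tool, url)
  out
end

# Second layer: accept only well-formed http(s) URLs with a host. This also
# rejects strings that start with '-' (option-like) and other schemes.
def valid_http_url?(url)
  uri = URI.parse(url)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty? # URI::HTTPS subclasses URI::HTTP
rescue URI::InvalidURIError
  false
end

if $PROGRAM_NAME == __FILE__
  puts "interpolated: #{run_interpolated(HOSTILE_URL).inspect}"
  puts "argv form:    #{run_argv(HOSTILE_URL).inspect}"
  puts "valid URL?    #{valid_http_url?(HOSTILE_URL)}"
end
```

Because `;` is a legal character in a URL path, validation alone does not remove the metacharacter; passing the URL as its own argument is what keeps it away from the shell.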