ADVISORIES
- CVE-2013-4203 (NVD)
- GHSA-jg4m-q6w8-vrjp
- OSVDB-95948
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
- >= 0.2.3
DESCRIPTION
rgpg Gem for Ruby contains a flaw in the GpgHelper module (lib/rgpg/gpg_helper.rb). The issue is due to the program failing to properly sanitize user-supplied input before being used in the system() function for execution. This may allow a remote attacker to execute arbitrary commands.