RubySec

Providing security resources for the Ruby community

CVE-2013-4413 (wicked): Wicked Gem for Ruby contains a flaw

ADVISORIES

GEM

wicked

SEVERITY

CVSS v2: 5.0 (Medium)

PATCHED VERSIONS

  • >= 1.0.1

DESCRIPTION

Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the ‘the_step’ parameter upon submission to the render_redirect.rb script. This may allow a remote attacker to gain access to arbitrary files.