ADVISORIES
- CVE-2013-4457 (NVD)
- GHSA-c43v-hrmg-56r4
- OSVDB-98835
GEM
SEVERITY
CVSS v2.0: 6.8 (Medium)
UNAFFECTED VERSIONS
- < 0.4.0
PATCHED VERSIONS
- >= 0.5.3
DESCRIPTION
The Cocaine gem for Ruby contains a flaw caused by the method of variable interpolation it uses. With a specially crafted object, a context-dependent attacker can execute arbitrary commands.