RubySec

Providing security resources for the Ruby community

CVE-2013-4457 (cocaine): Cocaine Gem for Ruby contains a flaw

Published: October 22, 2013

SECURITY IDENTIFIERS

GEM

cocaine

SEVERITY

CVSS v2.0: 6.8 (Medium)

UNAFFECTED VERSIONS

< 0.4.0

PATCHED VERSIONS

>= 0.5.3

DESCRIPTION

The Cocaine gem for Ruby contains a flaw caused by the method of variable interpolation it uses. With a specially crafted object, a context-dependent attacker can execute arbitrary commands.
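
One way to check a project against the version ranges listed above, as an added example (not RubySec's or the cocaine project's own code). It assumes the standard Bundler `Gemfile.lock` layout; the sample lockfile and the gem name `some_uploader` are constructed for illustration.

```ruby
require "rubygems"

# Version ranges copied from this advisory.
UNAFFECTED = Gem::Requirement.new("< 0.4.0")
PATCHED    = Gem::Requirement.new(">= 0.5.3")

# Classify one cocaine version string against the advisory's ranges.
def cocaine_status(version)
  v = Gem::Version.new(version)
  return :unaffected if UNAFFECTED.satisfied_by?(v)
  return :patched if PATCHED.satisfied_by?(v)
  :vulnerable
end

# Extract the resolved cocaine version(s) from Gemfile.lock text.
# Resolved specs are indented four spaces under "specs:"; dependency
# constraints such as "cocaine (~> 0.5.3)" are indented six spaces and
# are deliberately not matched, because they are not what gets installed.
def locked_cocaine_versions(lock_text)
  lock_text.scan(/^ {4}cocaine \(([^)\s]+)\)$/).flatten
end

# Return [version, status] pairs for every locked cocaine entry.
def audit_lockfile(lock_text)
  locked_cocaine_versions(lock_text).map { |v| [v, cocaine_status(v)] }
end

# Constructed sample lockfile (hypothetical project, not real data).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cocaine (0.5.1)
      some_uploader (1.0.0)
        cocaine (~> 0.5.3)

  DEPENDENCIES
    some_uploader
LOCK

if __FILE__ == $0
  # Audit the lockfile given on the command line, or the sample above.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit_lockfile(text).each { |v, status| puts "cocaine #{v}: #{status}" }
end
```

A `:vulnerable` result means the locked version falls in the range the advisory leaves between its unaffected and patched versions (0.4.0 up to, but not including, 0.5.3).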