RubySec

Providing security resources for the Ruby community

CVE-2013-4457 (cocaine): Cocaine Gem for Ruby contains a flaw

GEM

cocaine

SEVERITY

CVSS v2.0: 6.8 (Medium)

UNAFFECTED VERSIONS

  • < 0.4.0

PATCHED VERSIONS

  • >= 0.5.3

DESCRIPTION

The Cocaine gem for Ruby contains a flaw in its method of variable interpolation. With a specially crafted object, a context-dependent attacker can execute arbitrary commands.
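
A lockfile check built from the version ranges listed above, as an added example that is not part of the original advisory or of the cocaine project. The sample Gemfile.lock, the gem name `example_uploader` and the helper names `locked_version`, `advisory_status` and `audit_lockfile` are constructed for illustration.

```ruby
# Version ranges copied from this advisory (CVE-2013-4457).
UNAFFECTED = Gem::Requirement.new("< 0.4.0")
PATCHED    = Gem::Requirement.new(">= 0.5.3")

# Constructed sample Gemfile.lock; "example_uploader" is a made-up gem.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cocaine (0.5.1)
      example_uploader (1.2.0)
        cocaine (~> 0.5.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example_uploader
LOCK

# Resolved version of gem_name in Gemfile.lock text, or nil if not locked.
# Resolved specs sit at four spaces of indentation; dependency constraints
# sit at six, so "cocaine (~> 0.5.0)" under another gem is not matched.
def locked_version(lockfile_text, gem_name)
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*\z/
  lockfile_text.each_line do |line|
    match = pattern.match(line)
    return Gem::Version.new(match[1]) if match && Gem::Version.correct?(match[1])
  end
  nil
end

# Classify a version against the advisory's ranges.
def advisory_status(version)
  return :unaffected if UNAFFECTED.satisfied_by?(version)
  return :patched if PATCHED.satisfied_by?(version)
  :vulnerable
end

# :not_present when cocaine is not locked, otherwise the advisory status.
def audit_lockfile(lockfile_text)
  version = locked_version(lockfile_text, "cocaine")
  version ? advisory_status(version) : :not_present
end

if __FILE__ == $PROGRAM_NAME
  puts "cocaine: #{audit_lockfile(SAMPLE_LOCKFILE)}"
end
```

Pass the contents of a project's own Gemfile.lock to `audit_lockfile` in place of the sample; a `:vulnerable` result means the locked version falls at or above 0.4.0 and below 0.5.3.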