Sounder Gem for Ruby File Name Handling Arbitrary Command Execution
Published: August 14, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-5647 (NVD)
- GHSA: GHSA-rfmf-rx8w-935w
- OSVDB: OSVDB-96278
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
>= 1.0.2
DESCRIPTION
Sounder Gem for Ruby contains a flaw that is triggered during the handling of file names. This may allow a context-dependent attacker to execute arbitrary commands.