RubySec

Providing security resources for the Ruby community

CVE-2013-5647 (sounder): Sounder Gem for Ruby File Name Handling Arbitrary Command Execution

ADVISORIES

GEM

sounder

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • >= 1.0.2

DESCRIPTION

Sounder Gem for Ruby contains a flaw that is triggered during the handling of file names. This may allow a context-dependent attacker to execute arbitrary commands.