Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution
Published: December 12, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-7086 (NVD)
- GHSA: GHSA-p65m-qr5x-rrqq
- OSVDB: OSVDB-100920
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
Webbynode Gem for Ruby contains a flaw in notify.rb that is triggered when handling a specially crafted growlnotify message. This may allow a context-dependent attacker to execute arbitrary commands.