RubySec

Providing security resources for the Ruby community

CVE-2013-7086 (webbynode): Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution

ADVISORIES

GEM

webbynode

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

None.

DESCRIPTION

Webbynode Gem for Ruby contains a flaw in notify.rb that is triggered when handling a specially crafted growlnotify message. This may allow a context-dependent attacker to execute arbitrary commands.