ADVISORIES

• OSVDB-101577
• Vendor Advisory

GEM

flukso4r

PATCHED VERSIONS

None.

DESCRIPTION

flukso4r Gem for Ruby contains a flaw in /lib/flukso/R.rb that is due to the application failing to properly validate user-supplied input. This may allow a context-dependent attacker to execute arbitrary commands.

RELATED

• https://security.snyk.io/vuln/SNYK-RUBY-FLUKSO4R-20136
• https://vulners.com/seebug/SSV:61267
• http://osvdb.org/show/osvdb/101577