RubySec

Providing security resources for the Ruby community

OSVDB-101577 (flukso4r): flukso4r Gem for Ruby /lib/flukso/R.rb Arbitrary Command Execution

ADVISORIES

  • OSVDB-101577

GEM

flukso4r

PATCHED VERSIONS

None.

DESCRIPTION

The flukso4r gem for Ruby contains a flaw in /lib/flukso/R.rb: the application fails to properly validate user-supplied input. This may allow a context-dependent attacker to execute arbitrary commands.
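
Because no patched version exists, any locked version of flukso4r is affected. The following check is an added example, not code from RubySec or from the gem. It scans a `Gemfile.lock` for flukso4r and reports which locked gems pull it in. The sample lockfile, the `example_dashboard` gem name and all version numbers are constructed for illustration.

```ruby
# Added example: flag Gemfile.lock entries affected by OSVDB-101577.
# The advisory lists no patched versions, so every flukso4r version matches.
ADVISORY = { id: "OSVDB-101577", gem: "flukso4r", patched: [] }.freeze

# Constructed sample lockfile: example_dashboard and all versions are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_dashboard (1.0.0)
        flukso4r (>= 0)
      flukso4r (0.0.1)
      rake (13.0.6)

  DEPENDENCIES
    example_dashboard
    rake
LOCK

# Parse every "specs:" block into { name => { version:, deps: [names] } }.
def parse_lock_specs(text)
  specs, current, in_specs = {}, nil, false
  text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # next top-level section (PLATFORMS, DEPENDENCIES, ...)
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      current = m[1]   # 4-space indent: a locked gem and its resolved version
      specs[current] = { version: m[2], deps: [] }
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      specs[current][:deps] << m[1] # 6-space indent: dependency of `current`
    end
  end
  specs
end

# Returns nil when the gem is absent or patched, otherwise a finding hash.
def check_lockfile(text, advisory = ADVISORY)
  specs = parse_lock_specs(text)
  hit = specs[advisory[:gem]] or return nil
  version = Gem::Version.new(hit[:version].split("-").first) # drop platform suffix
  return nil if advisory[:patched].any? { |r| Gem::Requirement.new(r).satisfied_by?(version) }
  required_by = specs.select { |_, s| s[:deps].include?(advisory[:gem]) }.keys
  { advisory: advisory[:id], gem: advisory[:gem], version: hit[:version], required_by: required_by }
end

p check_lockfile(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Pass the path to a real `Gemfile.lock` as the first argument; a non-nil result means the application resolves flukso4r, either directly or through the gems listed in `required_by`.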