RubySec

Providing security resources for the Ruby community

OSVDB-101577 (flukso4r): flukso4r Gem for Ruby /lib/flukso/R.rb Arbitrary Command Execution

Published: December 31, 2013

SECURITY IDENTIFIERS

GEM

flukso4r

PATCHED VERSIONS

None available.

DESCRIPTION

The flukso4r gem for Ruby contains a flaw in /lib/flukso/R.rb: the application fails to properly validate user-supplied input. This may allow a context-dependent attacker to execute arbitrary commands.
