RubySec

Providing security resources for the Ruby community

OSVDB-107783 (screen_capture): Screen Capture Gem for Ruby screen_capture.rb URL Handling Arbitrary Command Execution

Published: June 07, 2014

SECURITY IDENTIFIERS

GEM

screen_capture

PATCHED VERSIONS

None available.

DESCRIPTION

Screen Capture Gem for Ruby contains a flaw in screen_capture.rb that is triggered when handling input passed via the URL. This may allow a context-dependent attacker to execute arbitrary commands.
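
With no patched version available, callers that must hand a user-supplied URL to an external program can defend against this class of flaw themselves. The following is an added example, not code from the screen_capture gem or from this advisory: it validates the URL against a scheme allowlist and passes it to the child process as a separate argv element, so no shell ever parses it. The method names, the sample URL, and the stand-in child process (a Ruby one-liner that prints its first argument) are assumptions made for illustration.

```ruby
require "uri"
require "open3"
require "rbconfig"

ALLOWED_SCHEMES = %w[http https].freeze

# Constructed sample: a legitimate URL that still contains characters
# (";" and "&") a shell would treat as command separators.
SAMPLE_URL = "http://example.com/a;b?x=1&y=2"

# Hypothetical helper: returns the URL string if it is an absolute
# http(s) URL with a host, otherwise raises ArgumentError.
def validate_capture_url(input)
  uri = URI.parse(input.to_s)
  scheme_ok = ALLOWED_SCHEMES.include?(uri.scheme)
  host_ok = uri.host && !uri.host.empty?
  unless scheme_ok && host_ok
    raise ArgumentError, "only absolute http(s) URLs are accepted"
  end
  uri.to_s
rescue URI::InvalidURIError
  raise ArgumentError, "not a parseable URL"
end

# Hypothetical helper: builds the argument vector for the external
# program. The child here is a stand-in that prints its first argument;
# a real caller would put its capture tool's path and options here.
def child_argv(url)
  [RbConfig.ruby, "-e", "print ARGV[0]", validate_capture_url(url)]
end

# Runs the child with the multi-argument form of Open3.capture2.
# With separate arguments Ruby executes the program directly, without
# /bin/sh, so the URL reaches the child as one literal string.
def run_capture(url)
  out, status = Open3.capture2(*child_argv(url))
  raise "child process failed" unless status.success?
  out
end

if $PROGRAM_NAME == __FILE__
  puts run_capture(SAMPLE_URL)
end
```

Validation alone is not sufficient, because characters such as ";" and "&" are legal in URLs; the argv-form invocation is what keeps them from being interpreted.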