RubySec

Providing security resources for the Ruby community

OSVDB-107783 (screen_capture): Screen Capture Gem for Ruby screen_capture.rb URL Handling Arbitrary Command Execution

ADVISORIES

  • OSVDB-107783

GEM

screen_capture

PATCHED VERSIONS

None.

DESCRIPTION

Screen Capture Gem for Ruby contains a flaw in screen_capture.rb that is triggered when handling input passed via the URL. This may allow a context-dependent attacker to execute arbitrary commands.