RubySec

Providing security resources for the Ruby community

OSVDB-108570 (backup_checksum): backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution

ADVISORIES

  • OSVDB-108570

GEM

backup_checksum

PATCHED VERSIONS

None.

DESCRIPTION

backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
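
The class of flaw described above, shown next to two hardened forms. This is an added example, not the gem's code: the function names, the use of `cksum`, and the constructed file name are assumptions made for illustration.

```ruby
require "open3"
require "digest"
require "tmpdir"

# Hypothetical vulnerable pattern: the path is interpolated into a single
# command string. Ruby hands such a string to /bin/sh (as it does for
# backticks and system(string)), so metacharacters in the path are parsed.
def checksum_via_shell(path)
  Open3.capture2e("cksum #{path}").first
end

# Hardened: program and arguments are separate argv elements, so no shell
# runs. "--" stops a file name starting with "-" being read as an option.
def checksum_via_argv(path)
  out, status = Open3.capture2("cksum", "--", path)
  raise "cksum failed for #{path.inspect}" unless status.success?
  out
end

# No subprocess at all: compute the digest in-process.
def checksum_in_process(path)
  Digest::SHA256.file(path).hexdigest
end

# Constructed input: a file whose name carries shell metacharacters. The
# arithmetic expansion is only evaluated if a shell parses the name.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "backup.tar; echo marker-$((40+2))")
    File.write(path, "constructed sample data\n")
    {
      shell: checksum_via_shell(path),
      argv: checksum_via_argv(path),
      digest: checksum_in_process(path),
    }
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```

Searching a code base for backticks, `%x`, `system`, `exec`, `IO.popen` and `Open3` calls that take one interpolated string is a quick way to find this pattern in code that wraps command-line utilities.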