OSVDB-108572 (kcapifony): kcapifony Gem for Ruby /lib/ksymfony1.rb Metacharacter Handling Remote Command Execution

kcapifony Gem for Ruby /lib/ksymfony1.rb Metacharacter Handling Remote Command Execution

Published: June 30, 2014

SECURITY IDENTIFIERS

OSVDB: OSVDB-108572
Vendor Advisory: https://www.mend.io/vulnerability-database/WS-2014-0019

GEM

kcapifony

PATCHED VERSIONS

None available.

DESCRIPTION

kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.

https://www.mend.io/vulnerability-database/WS-2014-0019
https://github.com/Kunstmaan/kCapifony/blob/master/lib/ksymfony1.rb
http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html
http://www.vapidlabs.com/advisory.php?v=65
http://osvdb.org/show/osvdb/108572

RubySec

OSVDB-108572 (kcapifony): kcapifony Gem for Ruby /lib/ksymfony1.rb Metacharacter Handling Remote Command Execution

kcapifony Gem for Ruby /lib/ksymfony1.rb Metacharacter Handling Remote Command Execution

SECURITY IDENTIFIERS

GEM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories