RubySec

Providing security resources for the Ruby community

OSVDB-108573 (karo): karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution

ADVISORIES

  • OSVDB-108573

GEM

karo

PATCHED VERSIONS

None.

DESCRIPTION

karo Gem for Ruby contains a flaw in db.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
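
The advisory does not show the affected code, so the following is an added Ruby example of this class of flaw and its mitigations, not karo's db.rb. The function names, the database-name value and the use of `echo` as a stand-in for a real database command are all constructed for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed input: a database name as it might arrive from a config file
# or another source the tool does not control. Not taken from the advisory.
HOSTILE_NAME = "app_db; echo INJECTED"

# Allow-list for identifiers that are safe to place in a command.
SAFE_NAME = /\A[A-Za-z0-9_]+\z/

# Hypothetical "before": the value is interpolated into a single string.
# Ruby hands that string to /bin/sh, which treats ';' as a separator and
# runs the text after it as a second command.
def run_interpolated(db_name)
  out, _status = Open3.capture2("echo dumping #{db_name}")
  out.lines.map(&:chomp)
end

# Hardened form 1: one array element per argument. No shell is started,
# so metacharacters reach the program as literal bytes.
def run_argv(db_name)
  out, _status = Open3.capture2("echo", "dumping", db_name)
  out.lines.map(&:chomp)
end

# Hardened form 2: when a single command string is unavoidable, quote
# every interpolated value with Shellwords.escape.
def run_escaped(db_name)
  out, _status = Open3.capture2("echo dumping #{Shellwords.escape(db_name)}")
  out.lines.map(&:chomp)
end

# Defence in depth: reject values outside the allow-list before use.
def valid_db_name?(db_name)
  SAFE_NAME.match?(db_name)
end

if __FILE__ == $PROGRAM_NAME
  p run_interpolated(HOSTILE_NAME) # two output lines: second command ran
  p run_argv(HOSTILE_NAME)         # one line, value kept literal
  p run_escaped(HOSTILE_NAME)      # one line, value kept literal
  p valid_db_name?(HOSTILE_NAME)   # rejected by the allow-list
end
```

Because no patched version is listed, the same pattern is what to look for when auditing any code path that builds commands from configuration or user-supplied values.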