OSVDB-108585 (lingq): lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution

lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution

Published: June 30, 2014

SECURITY IDENTIFIERS

OSVDB: OSVDB-108585
Vendor Advisory: https://www.versioneye.com/Ruby/lingq/0.3.1

GEM

lingq

PATCHED VERSIONS

None available.

DESCRIPTION

lingq Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.

https://www.versioneye.com/Ruby/lingq/0.3.1
http://www.vapid.dhs.org/advisories/lingq-0.3.1.html
http://www.vapidlabs.com/advisory.php?v=71
http://osvdb.org/show/osvdb/108585

RubySec

OSVDB-108585 (lingq): lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution

lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution

SECURITY IDENTIFIERS

GEM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories