RubySec

Providing security resources for the Ruby community

OSVDB-108585 (lingq): lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution

ADVISORIES

  • OSVDB-108585

GEM

lingq

PATCHED VERSIONS

None.

DESCRIPTION

lingq Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.