OSVDB-108593 (kompanee-recipes): kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness

June 30th, 2014

ADVISORIES

OSVDB-108593

GEM

PATCHED VERSIONS

None.

DESCRIPTION

kompanee-recipes Gem for Ruby contains a flaw in /lib/kompanee-recipes/heroku.rb that is triggered when handling shell metacharacters passed via the ‘password’, ‘user’, ‘deploy_name’, and ‘application’ variables. This may allow a remote attacker to execute arbitrary commands.

RubySec

OSVDB-108593 (kompanee-recipes): kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness

ADVISORIES

GEM

PATCHED VERSIONS

DESCRIPTION

Recent Advisories