RubySec

Providing security resources for the Ruby community

OSVDB-108593 (kompanee-recipes): kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness


GEM

kompanee-recipes

PATCHED VERSIONS

None.

DESCRIPTION

kompanee-recipes Gem for Ruby contains a flaw in /lib/kompanee-recipes/heroku.rb that is triggered when handling shell metacharacters passed via the ‘password’, ‘user’, ‘deploy_name’, and ‘application’ variables. This may allow a remote attacker to execute arbitrary commands.
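The class of flaw described above, as an added example (this is not the gem's code, which does not appear on this page): a value interpolated into a command string is parsed by the shell, while the same value passed as a separate argument or escaped first stays a single literal. `echo` stands in for the external CLI a deploy recipe would call; the function names, the allow-list pattern and the sample value are assumptions constructed for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed sample value standing in for an untrusted variable such as
# 'application' or 'deploy_name'.
UNTRUSTED = "myapp; echo INJECTED"

# Risky pattern: the whole string is handed to /bin/sh, so the ';' ends the
# intended command and the remainder runs as a second command.
def run_interpolated(application)
  out, _status = Open3.capture2("echo deploying #{application}")
  out
end

# Hardened: every argument is its own argv entry, so no shell parses the value.
def run_argv(application)
  out, _status = Open3.capture2("echo", "deploying", application)
  out
end

# Hardened alternative for when a single command string cannot be avoided.
def run_escaped(application)
  out, _status = Open3.capture2("echo deploying #{Shellwords.escape(application)}")
  out
end

# Defence in depth: reject names outside an allow-list before any command is
# built. The pattern is an assumption; match it to the target service's rules.
def valid_name?(value)
  value.match?(/\A[a-z0-9][a-z0-9-]{0,62}\z/)
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(UNTRUSTED).inspect}"
  puts "argv:         #{run_argv(UNTRUSTED).inspect}"
  puts "escaped:      #{run_escaped(UNTRUSTED).inspect}"
  puts "valid_name?:  #{valid_name?(UNTRUSTED)}"
end
```

Since the advisory lists no patched version, the same review applies to any recipe that builds commands from these four variables.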
