OSVDB-120857 (refile): refile Gem for Ruby contains a remote code execution vulnerability

April 15th, 2015

ADVISORIES

OSVDB-120857
Vendor Advisory

GEM

refile

UNAFFECTED VERSIONS

< 0.5.0

PATCHED VERSIONS

>= 0.5.4

DESCRIPTION

refile Gem for Ruby contains a flaw that is triggered when input is not sanitized when handling the 'remote_image_url' field in a form, where 'image' is the name of the attachment. This may allow a remote attacker to execute arbitrary shell commands.

https://groups.google.com/g/ruby-security-ann/c/VIfMO2LvzNs

RubySec

OSVDB-120857 (refile): refile Gem for Ruby contains a remote code execution vulnerability

ADVISORIES

GEM

UNAFFECTED VERSIONS

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories