refile Gem for Ruby contains a remote code execution vulnerability
Published: April 15, 2015
SECURITY IDENTIFIERS
- OSVDB: OSVDB-120857
- Vendor Advisory: https://groups.google.com/g/ruby-security-ann/c/VIfMO2LvzNs
GEM
UNAFFECTED VERSIONS
< 0.5.0
PATCHED VERSIONS
>= 0.5.4
DESCRIPTION
The refile gem for Ruby contains a flaw: input to the 'remote_image_url' form field, where 'image' is the name of the attachment, is not sanitized. This may allow a remote attacker to execute arbitrary shell commands.
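
A quick way to check a project against the version ranges above is to read the resolved refile version out of its Gemfile.lock. The following is an added example, not code from the refile project or the advisory; the helper names and the sample lockfile are constructed for illustration.

```ruby
# Version ranges copied from this advisory.
UNAFFECTED = Gem::Requirement.new("< 0.5.0")
PATCHED    = Gem::Requirement.new(">= 0.5.4")

# Constructed sample Gemfile.lock (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mime-types (2.4.3)
      refile (0.5.3)
        mime-types
        rest-client (~> 1.8)
      rest-client (1.8.0)

  DEPENDENCIES
    refile (~> 0.5.0)
LOCK

# Return the resolved Gem::Version of gem_name, or nil if it is not locked.
# Resolved specs sit at exactly four spaces under "specs:"; the six-space
# lines below them are dependency constraints, not installed versions.
def locked_version(lock_text, gem_name)
  in_specs = false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-java" before parsing.
      return Gem::Version.new(m[2].split("-").first) if m[1] == gem_name
    end
  end
  nil
end

# Classify the locked refile version against the advisory's ranges.
def refile_status(lock_text)
  version = locked_version(lock_text, "refile")
  return :not_present if version.nil?
  return :unaffected if UNAFFECTED.satisfied_by?(version)
  return :patched if PATCHED.satisfied_by?(version)
  :vulnerable
end

puts "refile in sample lockfile: #{refile_status(SAMPLE_LOCK)}"
```

To check a real project, pass File.read("Gemfile.lock") to refile_status instead of the sample.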
