RubySec

Providing security resources for the Ruby community

OSVDB-96425 (redis-namespace): redis-namespace Gem for Ruby contains a flaw in the method_missing implementation

ADVISORIES

GEM

redis-namespace

PATCHED VERSIONS

  • ~> 1.0.4
  • ~> 1.1.1
  • ~> 1.2.2
  • >= 1.3.1

DESCRIPTION

redis-namespace Gem for Ruby contains a flaw in the method_missing implementation. The issue is triggered when handling exec commands called via send(). This may allow a remote attacker to execute arbitrary commands.

RELATED