OSVDB-96425 (redis-namespace): redis-namespace Gem for Ruby contains a flaw in the method_missing implementation

redis-namespace Gem for Ruby contains a flaw in the method_missing implementation

Published: August 03, 2013

SECURITY IDENTIFIERS

OSVDB: OSVDB-96425
Vendor Advisory: http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release

GEM

redis-namespace

PATCHED VERSIONS

~> 1.0.4 ~> 1.1.1 ~> 1.2.2 >= 1.3.1

DESCRIPTION

redis-namespace Gem for Ruby contains a flaw in the method_missing implementation. The issue is triggered when handling exec commands called via send(). This may allow a remote attacker to execute arbitrary commands.

http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release
https://github.com/resque/redis-namespace/issues/65
https://github.com/resque/redis-namespace/commit/6d839515e8a3fdc17b5fb391500fda3f919689d6
https://security.snyk.io/vuln/SNYK-RUBY-REDISNAMESPACE-20105

RubySec

OSVDB-96425 (redis-namespace): redis-namespace Gem for Ruby contains a flaw in the method_missing implementation

redis-namespace Gem for Ruby contains a flaw in the method_missing implementation

SECURITY IDENTIFIERS

GEM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories