Описание
Fileutils Command Injection vulnerability
Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in user supplied url variable that is passed to the shell.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2516
- https://github.com/ruby/fileutils/commit/994c7aa1ba391689f844a069b9aee9e49813686c
- https://bugs.ruby-lang.org/issues/7958
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fileutils/CVE-2013-2516.yml
- http://rubygems.org/gems/fileutils
- http://www.vapidlabs.com/advisory.php?v=36
Пакеты
Наименование
fileutils
rubygems
Затронутые версииВерсия исправления
< 0.7.1
0.7.1
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.
CVSS3: 8.8
debian
почти 7 лет назад
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command In ...