exploitDog

CVE-2013-2617

Опубликовано: 20 мар. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Ссылки

http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2013/Mar/124
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/03/19/9
Mailing List
Third Party Advisory
http://www.osvdb.org/91230
Broken Link
http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2013/Mar/124
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/03/19/9
Mailing List
Third Party Advisory
http://www.osvdb.org/91230
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:curl_project:curl:-:*:*:*:*:ruby:*:*

EPSS

Процентиль: 80%

0.01405

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2013-2617

redhat

почти 13 лет назад

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

GHSA-hxx6-p24v-wg8c

github

больше 8 лет назад

Curl Gem insufficient URL escaping command injection

EPSS

Процентиль: 80%

0.01405

Низкий

7.5 High

CVSS2

Дефекты

CWE-94