Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyOXItcHFwNi04dzZn

sprout Arbitrary Code Execution vulnerability

The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.

Permalink: https://github.com/advisories/GHSA-229r-pqp6-8w6g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyOXItcHFwNi04dzZn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: 6 months ago

Identifiers: GHSA-229r-pqp6-8w6g, CVE-2013-6421
References:

Blast Radius: 0.0

Affected Packages

rubygems:sprout

Dependent packages: 35
Dependent repositories: 31
Downloads: 883,853 total
Affected Version Ranges: = 0.7.246
No known fixed version
All affected versions: 0.7.246