Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyNjYtM2NyaC1oN2dq

ldoce Gem Arbitrary Command Execution

lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.

Permalink: https://github.com/advisories/GHSA-g266-3crh-h7gj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyNjYtM2NyaC1oN2dq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 6 years ago
Updated: 6 months ago

Identifiers: GHSA-g266-3crh-h7gj, CVE-2013-1911
References:

• https://nvd.nist.gov/vuln/detail/CVE-2013-1911
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83163
• http://www.openwall.com/lists/oss-security/2013/03/31/3
• https://web.archive.org/web/20200229102422/http://www.securityfocus.com/bid/58783
• https://github.com/markburns/ldoce/issues/1
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ldoce/CVE-2013-1911.yml
• http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html
• http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html
• http://www.securityfocus.com/bid/58783
• https://github.com/advisories/GHSA-g266-3crh-h7gj

Repository: https://github.com/markburns/ldoce
Blast Radius: 0.0

Affected Packages