MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnNG0tcTZ3OC12cmpw

High EPSS: 0.01422% (0.8001 Percentile) EPSS:

Permalink JSON

rgpg Code Injection vulnerability

Affected Packages	Affected Versions	Fixed Versions
rubygems:rgpg PURL: `pkg:gem/rgpg`	< 0.2.3	0.2.3
0 Dependent packages 0 Dependent repositories 34,980 Downloads total Affected Version Ranges All affected versions 0.0.0, 0.1.0, 0.2.0, 0.2.1, 0.2.2 All unaffected versions 0.2.3, 0.2.4, 0.3.0, 0.4.0

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-4203
https://github.com/rcook/rgpg/commit/b819b13d198495f3ecd2762a0dbe27bb6fae3505
http://www.openwall.com/lists/oss-security/2013/08/03/2
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rgpg/CVE-2013-4203.yml
https://github.com/advisories/GHSA-jg4m-q6w8-vrjp

Identifiers

GHSA-jg4m-q6w8-vrjp

CVE-2013-4203

Risk

Severity

High

EPSS

EPSS Percentage: 0.01422

EPSS Percentile: 0.8001

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/rcook/rgpg

Date and time

Published

about 8 years ago

Updated

21 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories