Back to search
CVE-2013-6421
Published: Dec 12, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20131214 Command injection vulnerability in Ruby Gem sprout 0.7.246
mailing-list
x_refsource_BUGTRAQ
[oss-security] 20131202 Command injection vulnerability in Ruby Gem sprout 0.7.246
mailing-list
x_refsource_MLIST
[oss-security] 20131202 Re: Command injection vulnerability in Ruby Gem sprout 0.7.246
mailing-list
x_refsource_MLIST
http://vapid.dhs.org/advisories/sprout-0.7.246-command-inj.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now