Vulnerability Details CVE-2013-2615
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
- http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
- http://seclists.org/fulldisclosure/2013/Mar/122
- http://www.openwall.com/lists/oss-security/2013/03/19/9
- http://www.osvdb.org/91232
- http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
- http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
- http://seclists.org/fulldisclosure/2013/Mar/122
- http://www.openwall.com/lists/oss-security/2013/03/19/9
- http://www.osvdb.org/91232
Products affected by CVE-2013-2615
-
cpe:2.3:a:rubygems:fastreader:1.0.8