Lucene search

[email protected]CVE-2013-1875

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1875

2022-10-0316:14:48

CWE-94

[email protected]

web.nvd.nist.gov

cve-2013-1875

command_wrap

ruby

gem

remote attackers

arbitrary commands

shell metacharacters

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.

Affected configurations

NVD

Node

rubygemscommand_wrapMatch-

CPENameOperatorVersion
rubygems:command_wraprubygems command wrapeq-

CPE	Name	Operator	Version
rubygems:command_wrap	rubygems command wrap	eq	-

References

packetstormsecurity.com/files/120847/Ruby-Gem-Command-Wrap-Command-Execution.html

seclists.org/fulldisclosure/2013/Mar/175

www.openwall.com/lists/oss-security/2013/03/19/9

www.osvdb.org/91450

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2013-1875

github1 prion1 nvd1 cvelist1 osv1