Lucene search

[email protected]CVE-2013-1911

HistoryApr 03, 2013 - 12:55 a.m.

CVE-2013-1911

2013-04-0300:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-1911

ldoce gem

ruby

remote attack

command execution

nvd

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.

CPENameOperatorVersion
mark_burns:ldocemark burns ldoceeq0.0.2

CPE	Name	Operator	Version
mark_burns:ldoce	mark burns ldoce	eq	0.0.2

References

archives.neohapsis.com/archives/bugtraq/2013-04/0010.html

osvdb.org/91870

otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html

www.openwall.com/lists/oss-security/2013/03/31/3

www.securityfocus.com/bid/58783

exchange.xforce.ibmcloud.com/vulnerabilities/83163

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2013-1911

securityvulns1 cvelist1 prion1 osv1 github1