CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
86.9%
fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ‘;’ character. This may allow a context-dependent attacker to potentially execute arbitrary commands.
Vendor | Product | Version | CPE |
---|---|---|---|
rubygems | fastreader | * | cpe:2.3:a:rubygems:fastreader:*:*:*:*:*:*:*:* |
packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
seclists.org/fulldisclosure/2013/Mar/122
www.openwall.com/lists/oss-security/2013/03/19/9
github.com/advisories/GHSA-w248-xr37-jx8m
github.com/rubysec/ruby-advisory-db/blob/master/gems/fastreader/CVE-2013-2615.yml
nvd.nist.gov/vuln/detail/CVE-2013-2615