Lucene search

GitHub Advisory DatabaseGHSA-W248-XR37-JX8M

HistoryOct 24, 2017 - 6:33 p.m.

fastreader Gem for Ruby URI Handling Arbitrary Command Injection

2017-10-2418:33:37

CWE-94

GitHub Advisory Database

github.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.015

Percentile

86.9%

JSON

fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ‘;’ character. This may allow a context-dependent attacker to potentially execute arbitrary commands.

Affected configurations

Vulners

Node

rubygemsfastreaderRange1.0.0≥

VendorProductVersionCPE
rubygemsfastreader*cpe:2.3:a:rubygems:fastreader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubygems	fastreader	*	cpe:2.3:a:rubygems:fastreader::::::::

References

packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html

packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html

seclists.org/fulldisclosure/2013/Mar/122

www.openwall.com/lists/oss-security/2013/03/19/9

github.com/advisories/GHSA-w248-xr37-jx8m

github.com/rubysec/ruby-advisory-db/blob/master/gems/fastreader/CVE-2013-2615.yml

nvd.nist.gov/vuln/detail/CVE-2013-2615

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.015

Percentile

86.9%

JSON

Related for GHSA-W248-XR37-JX8M