Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:CREMEFRAICHE-2013-2090-93395
HistoryMay 13, 2013 - 8:00 p.m.

Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

2013-05-1320:00:00
RubySec
nvd.nist.gov
11

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Creme Fraiche Gem for Ruby contains a flaw that is due to the program
failing to properly sanitize input in file names. With a specially crafted file
name that contains shell metacharacters, a context-dependent attacker can execute
arbitrary commands

Affected configurations

Vulners
Node
rubycremefraicheRange0.6.1
VendorProductVersionCPE
rubycremefraiche*cpe:2.3:a:ruby:cremefraiche:*:*:*:*:*:*:*:*

Related

cvelist 1
cve 1
github 1
nvd 1
packetstorm 1
osv 1
prion 1
cvelist
cvelist
CVE-2013-2090
2014-05-27 15:00:00
cve
cve
CVE-2013-2090
2014-05-27 15:00:00
github
github
Creme Fraiche contains OS Command Injection
2017-10-24 18:33:37
nvd
nvd
CVE-2013-2090
2014-05-27 14:55:06
packetstorm
packetstorm
Ruby Gem Creme Fraiche 0.6 Command Injection
2013-05-14 00:00:00
osv
osv
Creme Fraiche contains OS Command Injection
2017-10-24 18:33:37
prion
prion
Information disclosure
2014-05-27 14:55:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for RUBY:CREMEFRAICHE-2013-2090-93395
cvelist1cve1github1nvd1packetstorm1osv1prion1