7 matches found
EUVD-2017-0270
Malware in sbrugna...
GHSA-M6F7-46HW-GRCJ Creme Fraiche contains OS Command Injection
The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...
Creme Fraiche contains OS Command Injection
The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...
CVE-2013-2090
The Creme Fraiche Ruby gem (pre-0.6.1) is vulnerable to OS command injection via unsanitized file names in email attachments, enabling remote execution of arbitrary commands. Root cause: set_meta_data processes attachment filenames without proper validation, allowing shell metacharacters to pass ...
CVE-2013-2090
The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...
Information disclosure
The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...
Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...