3 matches found
CVE-2013-1911
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in 1 an mp3 URL or 2 file name...
CVE-2013-1911
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in 1 an mp3 URL or 2 file name...
CVE-2013-1911
The CVE refers to the Ruby Gem ldoce (0.0.2). It explains that lib/ldoce/word.rb accepts an mp3 URL or filename and, if it contains shell metacharacters, can lead to remote command execution. The issue is triggered during handling of MP3 URLs/filenames, potentially allowing an attacker to run arb...