2 matches found
CVE-2013-2090
The Creme Fraiche Ruby gem (pre-0.6.1) is vulnerable to OS command injection via unsanitized file names in email attachments, enabling remote execution of arbitrary commands. Root cause: set_meta_data processes attachment filenames without proper validation, allowing shell metacharacters to pass ...
Ruby Gem Creme Fraiche 0.6 Command Injection
TITLE: Remote command Injection in Creme Fraiche 0.6 Ruby Gem DATE: 5/14/2013 AUTHOR: Larry W. Cashdollar @larry0 DOWNLOAD: http://rubygems.org/gems/cremefraiche, http://www.uplawski.eu/technology/cremefraiche/ DESCRIPTION: Converts Email to PDF files. VENDOR: Notifed on 5/13/2013, provided fix...