8 matches found
EUVD-2017-0147
Malware in sbrugna...
GHSA-229R-PQP6-8W6G sprout Arbitrary Code Execution vulnerability
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
sprout Arbitrary Code Execution vulnerability
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
CVE-2013-6421
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
Path traversal
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
CVE-2013-6421
The CVE-2013-6421 entry concerns the sprout Ruby gem (archive_unpacker.rb, unpack_zip) in version 0.7.246. The vulnerability allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path, due to insufficient sanitization of inputs (zip_fil...
CVE-2013-6421
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
sprout Gem for Ruby contains a flaw in the unpack_zip function in archive_unpacker.rb. The issue is due to the program failing to properly sanitize input passed via the 'zip_file', 'dir', 'zip_name', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code...