Arbitrary Command Execution Affecting fastreader package, versions >= 0

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 1.46% (87^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-FASTREADER-20085
published 12 Mar 2013
disclosed 12 Mar 2013
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 12 Mar 2013

CVE-2013-2615 Open this link in a new tab CWE-77 Open this link in a new tab

Overview

fastreader is a terminal-based feed reader. Affected versions of this gem are vulnerable to arbitrary command execution due to mishandling of specially crafted input passed via a URL that contains a ; character. This may allow a context-dependent attacker to potentially execute arbitrary commands.

References

http://rubysec.com/advisories/CVE-2013-2615