Arbitrary Command Execution

Affecting fastreader gem, ALL versions

high severity

Overview

fastreader is a terminal-based feed reader. Affected versions of this gem are vulnerable to arbitrary command execution due to mishandling of specially crafted input passed via a URL that contains a ; character. This may allow a context-dependent attacker to potentially execute arbitrary commands.

References

Credit
Unknown
CVE
CVE-2013-2615
Snyk ID
SNYK-RUBY-FASTREADER-20085
Disclosed
12 Mar, 2013
Published
12 Mar, 2013

Do your applications use this vulnerable package?