Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2013-2513
Vulnerability from gsd - Updated: 2013-03-04 00:00Details
flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-2513",
"id": "GSD-2013-2513"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "flash_tool",
"purl": "pkg:gem/flash_tool"
}
}
],
"aliases": [
"CVE-2013-2513",
"OSVDB-90829"
],
"details": "flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.",
"id": "GSD-2013-2513",
"modified": "2013-03-04T00:00:00.000Z",
"published": "2013-03-04T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2513"
}
],
"schema_version": "1.4.0",
"summary": "flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/advisories/GHSA-6325-6g32-7p35",
"refsource": "MISC",
"url": "https://github.com/advisories/GHSA-6325-6g32-7p35"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml",
"refsource": "MISC",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-2513",
"date": "2013-03-04",
"description": "flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.",
"gem": "flash_tool",
"osvdb": 90829,
"title": "flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2513"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=0.6.0",
"affected_versions": "All versions up to 0.6.0",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2013-03-01",
"description": "If files downloaded contain shell characters it\u0027s possible to execute code as the client user",
"fixed_versions": [],
"identifier": "CVE-2013-2513",
"identifiers": [
"CVE-2013-2513"
],
"package_slug": "gem/flash_tool",
"pubdate": "2013-03-01",
"solution": "No solution yet.",
"title": "Remote code execution vulnerability",
"urls": [
"http://direct.osvdb.org/show/osvdb/90829",
"http://vapid.dhs.org/advisories/flash_tool-0.6.0-cmd_exec.html"
],
"uuid": "2b4bd3c3-b1c7-4cb8-ac43-5635c18b9b45"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:milboj:flash_tool:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "748F9BDE-66DE-47F3-B1C4-0DF7F2B20895",
"versionEndIncluding": "0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file."
},
{
"lang": "es",
"value": "La gema flash_tool hasta 0.6.0 para Ruby permite la ejecuci\u00f3n de comandos mediante metacaracteres de shell en el nombre de un archivo descargado."
}
],
"id": "CVE-2013-2513",
"lastModified": "2023-12-14T20:35:18.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T16:15:07.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-6325-6g32-7p35"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}