
Related vulnerabilities

GSD-2013-2617

Vulnerability from gsd - Updated: 2013-03-12 00:00
Details
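lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. The record below identifies the affected package as the RubyGems package `curl` (pkg:gem/curl) and lists all versions up to 0.0.9 as affected. No fixed version is recorded (`fixed_versions` is empty and `remediation` is "unknown"), so do not assume an upgrade is available.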
Aliases: CVE-2013-2617, OSVDB-91230

{
  "GSD": {
    "alias": "CVE-2013-2617",
    "description": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
    "id": "GSD-2013-2617"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "curl",
            "purl": "pkg:gem/curl"
          }
        }
      ],
      "aliases": [
        "CVE-2013-2617",
        "OSVDB-91230"
      ],
      "details": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
      "id": "GSD-2013-2617",
      "modified": "2013-03-12T00:00:00.000Z",
      "published": "2013-03-12T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2617"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.5,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-2617",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html"
          },
          {
            "name": "91230",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/91230"
          },
          {
            "name": "[oss-security] 20130319 Fwd: CVE requests",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
          },
          {
            "name": "20130312 Curl Ruby Gem Remote command execution",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2013/Mar/124"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-2617",
      "cvss_v2": 7.5,
      "date": "2013-03-12",
      "description": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
      "gem": "curl",
      "osvdb": 91230,
      "title": "CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2617"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=0.0.9",
          "affected_versions": "All versions up to 0.0.9",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2013-03-21",
          "description": "Specially crafted URLs can result in remote code execution.",
          "fixed_versions": [],
          "identifier": "CVE-2013-2617",
          "identifiers": [
            "CVE-2013-2617"
          ],
          "package_slug": "gem/curl",
          "pubdate": "2013-03-20",
          "title": "Remote command execution",
          "urls": [
            "http://vapid.dhs.org/advisories/curl-ruby-gem-remote-exec.html",
            "http://www.osvdb.org/show/osvdb/91230"
          ],
          "uuid": "f6595446-3e05-4ba5-843e-31e14199cb48"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl_project:curl:-:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2617"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130312 Curl Ruby Gem Remote command execution",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Mar/124"
            },
            {
              "name": "[oss-security] 20130319 Fwd: CVE requests",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
            },
            {
              "name": "91230",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/91230"
            },
            {
              "name": "http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-16T20:47Z",
      "publishedDate": "2013-03-20T22:55Z"
    }
  }
}