
Related vulnerabilities

GSD-2013-2616

Vulnerability from gsd - Updated: 2013-03-12 00:00
Details
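The MiniMagick gem for Ruby contains a command-injection flaw that is triggered when it handles a URL from an untrusted source containing shell metacharacters such as ';'. This may allow a context-dependent attacker to execute arbitrary commands. The source records below differ on scope: the NVD CPE entry names only version 1.3.1, whereas the GitLab advisory marks all versions up to 3.5.0 as affected, and both it and ruby-advisory-db list 3.6.0 as the fixed release. When checking dependencies, treat any mini_magick release older than 3.6.0 as affected. The records also carry two CVSS v2 base scores (9.3 in the ruby-advisory-db and OSV data, 7.5 from NVD).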
Aliases

{
  "GSD": {
    "alias": "CVE-2013-2616",
    "description": "lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
    "id": "GSD-2013-2616"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "mini_magick",
            "purl": "pkg:gem/mini_magick"
          }
        }
      ],
      "aliases": [
        "CVE-2013-2616",
        "OSVDB-91231"
      ],
      "details": "MiniMagick Gem for Ruby contains a flaw that is triggered during the handling\nof specially crafted input from an untrusted source passed via a URL that\ncontains a \u0027;\u0027 character. This may allow a context-dependent attacker to\npotentially execute arbitrary commands.\n",
      "id": "GSD-2013-2616",
      "modified": "2013-03-12T00:00:00.000Z",
      "published": "2013-03-12T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2616"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 9.3,
          "type": "CVSS_V2"
        }
      ],
      "summary": "MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-2616",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130312 MiniMagic ruby gem remote code execution",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2013/Mar/123"
          },
          {
            "name": "http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html"
          },
          {
            "name": "91231",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/91231"
          },
          {
            "name": "58448",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/58448"
          },
          {
            "name": "[oss-security] 20130319 Fwd: CVE requests",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-2616",
      "cvss_v2": 9.3,
      "date": "2013-03-12",
      "description": "MiniMagick Gem for Ruby contains a flaw that is triggered during the handling\nof specially crafted input from an untrusted source passed via a URL that\ncontains a \u0027;\u0027 character. This may allow a context-dependent attacker to\npotentially execute arbitrary commands.\n",
      "gem": "mini_magick",
      "osvdb": 91231,
      "patched_versions": [
        "\u003e= 3.6.0"
      ],
      "title": "MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2616"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=3.5.0",
          "affected_versions": "All versions up to 3.5.0",
          "credit": "Larry W. Cashdollar ([@_larry0](https://twitter.com/_larry0))",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2017-11-29",
          "description": "If a URL is from an untrusted source, commands can be injected into it for remote code execution with the `;` character.",
          "fixed_versions": [
            "3.6.0"
          ],
          "identifier": "CVE-2013-2616",
          "identifiers": [
            "CVE-2013-2616"
          ],
          "package_slug": "gem/mini_magick",
          "pubdate": "2013-03-20",
          "solution": "Update to 3.6.0",
          "title": "Remote code execution",
          "urls": [
            "http://direct.osvdb.org/show/osvdb/91231",
            "http://vapid.dhs.org/advisories/minimagick.html"
          ],
          "uuid": "8b3b5a36-fda0-4e59-abf3-bdc274700e67"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:mini_magick:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2616"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html"
            },
            {
              "name": "[oss-security] 20130319 Fwd: CVE requests",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
            },
            {
              "name": "20130312 MiniMagic ruby gem remote code execution",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2013/Mar/123"
            },
            {
              "name": "91231",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/91231"
            },
            {
              "name": "58448",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/58448"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-11-30T02:29Z",
      "publishedDate": "2013-03-20T22:55Z"
    }
  }
}