Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2013-2615
Vulnerability from gsd - Updated: 2013-03-13 00:00Details
fastreader Gem for Ruby contains a flaw that is triggered during the handling
of specially crafted input passed via a URL that contains a ';' character.
This may allow a context-dependent attacker to potentially execute arbitrary
commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-2615",
"description": "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
"id": "GSD-2013-2615"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "fastreader",
"purl": "pkg:gem/fastreader"
}
}
],
"aliases": [
"CVE-2013-2615",
"OSVDB-91232"
],
"details": "fastreader Gem for Ruby contains a flaw that is triggered during the handling\nof specially crafted input passed via a URL that contains a \u0027;\u0027 character.\nThis may allow a context-dependent attacker to potentially execute arbitrary\ncommands.\n",
"id": "GSD-2013-2615",
"modified": "2013-03-13T00:00:00.000Z",
"published": "2013-03-13T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2615"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 9.3,
"type": "CVSS_V2"
}
],
"summary": "fastreader Gem for Ruby URI Handling Arbitrary Command Injection"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130312 Ruby gem fastreader-1.0.8 remote code exec",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/122"
},
{
"name": "91232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91232"
},
{
"name": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html"
},
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-2615",
"cvss_v2": 9.3,
"date": "2013-03-13",
"description": "fastreader Gem for Ruby contains a flaw that is triggered during the handling\nof specially crafted input passed via a URL that contains a \u0027;\u0027 character.\nThis may allow a context-dependent attacker to potentially execute arbitrary\ncommands.\n",
"gem": "fastreader",
"osvdb": 91232,
"title": "fastreader Gem for Ruby URI Handling Arbitrary Command Injection",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2615"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=1.0.8",
"affected_versions": "All versions up to 1.0.8",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2013-03-21",
"description": "If the url contains any ; characters code will be executed as the user. For example if fastreader is fed http://www.g;id;.com id will be executed.",
"fixed_versions": [],
"identifier": "CVE-2013-2615",
"identifiers": [
"CVE-2013-2615"
],
"package_slug": "gem/fastreader",
"pubdate": "2013-03-20",
"title": "Remote code execution",
"urls": [
"http://vapid.dhs.org/advisories/fastreader-1.0.8-remote-exec.html",
"http://www.osvdb.org/show/osvdb/91232"
],
"uuid": "9cd1565b-c9aa-416a-baf8-28d1cf1b5b25"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubygems:fastreader:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2615"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91232",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/91232"
},
{
"name": "20130312 Ruby gem fastreader-1.0.8 remote code exec",
"refsource": "FULLDISC",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/122"
},
{
"name": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html"
},
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-03-21T04:00Z",
"publishedDate": "2013-03-20T22:55Z"
}
}
}