GHSA-jg4m-q6w8-vrjp

Source

https://github.com/advisories/GHSA-jg4m-q6w8-vrjp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jg4m-q6w8-vrjp/GHSA-jg4m-q6w8-vrjp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jg4m-q6w8-vrjp

Aliases

CVE-2013-4203

Published

2017-10-24T18:33:37Z

Modified

2024-12-05T05:34:49.486577Z

Summary

rgpg Code Injection vulnerability

Details

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Database specific

{
    "nvd_published_at": "2013-10-11T22:55:39Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:43:21Z"
}

References

Affected packages

RubyGems / rgpg

Package

Name: rgpg
Purl: pkg:gem/rgpg

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.3

Affected versions

0.*

0.0.0

0.1.0

0.2.0

0.2.1

0.2.2