GHSA-m6f7-46hw-grcj

Suggest an improvement
Source
https://github.com/advisories/GHSA-m6f7-46hw-grcj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-m6f7-46hw-grcj/GHSA-m6f7-46hw-grcj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m6f7-46hw-grcj
Aliases
  • CVE-2013-2090
Published
2017-10-24T18:33:37Z
Modified
2023-11-08T03:57:17.360593Z
Summary
Creme Fraiche contains OS Command Injection
Details

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.

Database specific 
{
    "nvd_published_at": "2014-05-27T14:55:06Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:45:09Z"
}
References

Affected packages

RubyGems / cremefraiche

Package

Name
cremefraiche
Purl
pkg:gem/cremefraiche

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.1