GHSA-rfmf-rx8w-935w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rfmf-rx8w-935w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-rfmf-rx8w-935w/GHSA-rfmf-rx8w-935w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rfmf-rx8w-935w
- Aliases
-
- CVE-2013-5647
- Published
- 2017-10-24T18:33:37Z
- Modified
- 2024-12-06T05:38:50.229429Z
- Summary
- Sounder Contains Arbitrary Command Execution Vulnerability
- Details
-
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
- Database specific
{ "nvd_published_at": "2013-08-29T12:07:56Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:54:35Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-5647
- https://github.com/adamzaninovich/sounder
- https://github.com/adamzaninovich/sounder/blob/v1.0.1/lib/sounder/sound.rb
- https://github.com/advisories/GHSA-rfmf-rx8w-935w
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sounder/CVE-2013-5647.yml
- http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html
Affected packages
RubyGems / sounder
Package
- Name
- sounder
- Purl
- pkg:gem/sounder