Search criteria
1 vulnerability by mark_burns
CVE-2013-1911 (GCVE-0-2013-1911)
Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-08-06 15:20
VLAI
Summary
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/58783 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2013/03/31/3 | mailing-listx_refsource_MLIST |
| http://osvdb.org/91870 | vdb-entryx_refsource_OSVDB |
Date Public
2013-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:36.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html"
},
{
"name": "58783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58783"
},
{
"name": "20130401 Remote command execution in Ruby Gem ldoce 0.0.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html"
},
{
"name": "rubygem-cve20131911-command-exec(83163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163"
},
{
"name": "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/31/3"
},
{
"name": "91870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html"
},
{
"name": "58783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58783"
},
{
"name": "20130401 Remote command execution in Ruby Gem ldoce 0.0.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html"
},
{
"name": "rubygem-cve20131911-command-exec(83163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163"
},
{
"name": "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/31/3"
},
{
"name": "91870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html",
"refsource": "MISC",
"url": "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html"
},
{
"name": "58783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58783"
},
{
"name": "20130401 Remote command execution in Ruby Gem ldoce 0.0.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html"
},
{
"name": "rubygem-cve20131911-command-exec(83163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163"
},
{
"name": "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/31/3"
},
{
"name": "91870",
"refsource": "OSVDB",
"url": "http://osvdb.org/91870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1911",
"datePublished": "2013-04-03T00:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:36.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}