Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2013-2516
Vulnerability from gsd - Updated: 2013-02-28 00:00Details
fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-2516",
"description": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.",
"id": "GSD-2013-2516"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "fileutils",
"purl": "pkg:gem/fileutils"
}
}
],
"aliases": [
"CVE-2013-2516",
"OSVDB-90717"
],
"details": "fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands.",
"id": "GSD-2013-2516",
"modified": "2013-02-28T00:00:00.000Z",
"published": "2013-02-28T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2516"
}
],
"schema_version": "1.4.0",
"summary": "fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2013-02-24",
"ID": "CVE-2013-2516",
"REQUESTER": "cve-assign@mtire.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-12T11:31Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FileUtils",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.7"
}
]
}
}
]
},
"vendor_name": "Stefaan Colman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=36",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"name": "http://rubygems.org/gems/fileutils",
"refsource": "MISC",
"url": "http://rubygems.org/gems/fileutils"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-2516",
"date": "2013-02-28",
"description": "fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands.",
"gem": "fileutils",
"osvdb": 90717,
"patched_versions": [
"\u003e= 0.7.1"
],
"title": "fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2516"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=0.7",
"affected_versions": "All versions up to 0.7",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-77",
"CWE-937"
],
"date": "2019-02-19",
"description": "The package fileutils does not sanitize input on URLs passed to CutyCapt. If a URL contains shell characters, such as a `;` followed by a command, a remote attacker can execute a command on the client\u0027s system if they are enticed to click an encoded URL.",
"fixed_versions": [],
"identifier": "CVE-2013-2516",
"identifiers": [
"CVE-2013-2516"
],
"package_slug": "gem/fileutils",
"pubdate": "2019-02-15",
"solution": "No solution yet.",
"title": "Remote command execution",
"urls": [
"http://direct.osvdb.org/show/osvdb/90717",
"http://vapid.dhs.org/advisories/file_utils_ruby_gem.html"
],
"uuid": "dc2c065b-8314-4a12-9f6a-05290a25fdc3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fileutils_project:fileutils:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndIncluding": "0.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2013-2516"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=36",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"name": "http://rubygems.org/gems/fileutils",
"refsource": "MISC",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "http://rubygems.org/gems/fileutils"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-02-19T16:48Z",
"publishedDate": "2019-02-15T21:29Z"
}
}
}