Related vulnerabilities
GSD-2013-1947
Vulnerability from gsd - Updated: 2013-04-04 00:00
Details
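kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered when the gem handles a specially crafted file name containing shell metacharacters, which may allow a context-dependent attacker to execute arbitrary commands (OS command injection, CWE-78). The CVE description in the record below also names video.rb and video_image.rb as taking the same unsafe filename argument. The sources in the record disagree on the affected range: NVD lists only 0.3.8, while the GitLab advisory lists all versions up to 0.5.0 and no fixed version. Versions up to 0.5.0 should therefore be treated as affected, and untrusted file names should not be passed to the gem.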
Aliases
{
"GSD": {
"alias": "CVE-2013-1947",
"description": "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.",
"id": "GSD-2013-1947"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "kelredd-pruview",
"purl": "pkg:gem/kelredd-pruview"
}
}
],
"aliases": [
"CVE-2013-1947",
"OSVDB-92228"
],
"details": "kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands.",
"id": "GSD-2013-1947",
"modified": "2013-04-04T00:00:00.000Z",
"published": "2013-04-04T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1947"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 9.3,
"type": "CVSS_V2"
}
],
"summary": "kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/2"
},
{
"name": "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/10/3"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-1947",
"cvss_v2": 9.3,
"date": "2013-04-04",
"description": "kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands.",
"gem": "kelredd-pruview",
"osvdb": 92228,
"title": "kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1947"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=0.5.0",
"affected_versions": "All versions up to 0.5.0",
"credit": "@_larry0",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2013-05-01",
"description": "Remote commands can be executed if the file name contains shell meta characters",
"fixed_versions": [],
"identifier": "CVE-2013-1947",
"identifiers": [
"CVE-2013-1947"
],
"package_slug": "gem/kelredd-pruview",
"pubdate": "2013-04-25",
"solution": "Nothing yet",
"title": "Remote command injection",
"urls": [
"http://vapid.dhs.org/advisories/kelredd-pruview-cmd-inject.html"
],
"uuid": "43d7fd6a-f4b7-4c48-90c4-97760177803c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kelly_d._redding:kelredd-pruview:0.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1947"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/2"
},
{
"name": "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/04/10/3"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2013-05-01T04:00Z",
"publishedDate": "2013-04-25T23:55Z"
}
}
}