Related vulnerabilities
GSD-2013-5647
Vulnerability from gsd - Updated: 2013-08-14 00:00
Details
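The sounder gem for Ruby contains a flaw that is triggered during the handling
of file names: according to the advisory data below, a user-supplied file name
is passed directly to the command line, so shell metacharacters in it are
interpreted by the shell. This may allow a context-dependent attacker to execute
arbitrary commands. The records below list version 1.0.1 as affected and
1.0.2 as the fixed version.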
Aliases
{
"GSD": {
"alias": "CVE-2013-5647",
"description": "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.",
"id": "GSD-2013-5647"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "sounder",
"purl": "pkg:gem/sounder"
}
}
],
"aliases": [
"CVE-2013-5647",
"OSVDB-96278"
],
"details": "Sounder Gem for Ruby contains a flaw that is triggered during the handling\nof file names. This may allow a context-dependent attacker to execute\narbitrary commands.\n",
"id": "GSD-2013-5647",
"modified": "2013-08-14T00:00:00.000Z",
"published": "2013-08-14T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V2"
}
],
"summary": "Sounder Gem for Ruby File Name Handling Arbitrary Command Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html",
"refsource": "MISC",
"url": "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-5647",
"cvss_v2": 7.5,
"date": "2013-08-14",
"description": "Sounder Gem for Ruby contains a flaw that is triggered during the handling\nof file names. This may allow a context-dependent attacker to execute\narbitrary commands.\n",
"gem": "sounder",
"osvdb": 96278,
"patched_versions": [
"\u003e= 1.0.2"
],
"title": "Sounder Gem for Ruby File Name Handling Arbitrary Command Execution",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5647"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=1.0.1",
"affected_versions": "All versions up to 1.0.1",
"credit": "Larry W. Cashdollar @_larry0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2013-08-29",
"description": "Sounder passes user supplied data directly to command line. See link for a proof of concept.",
"fixed_versions": [
"1.0.2"
],
"identifier": "CVE-2013-5647",
"identifiers": [
"CVE-2013-5647"
],
"package_slug": "gem/sounder",
"pubdate": "2013-08-29",
"solution": "Upgrade to latest",
"title": "Command Injection in Sounder",
"urls": [
"http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html"
],
"uuid": "422c1d80-9cd8-471b-a6a8-a39f72364ea0"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adam_zaninovich:sounder:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5647"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-08-29T22:03Z",
"publishedDate": "2013-08-29T12:07Z"
}
}
}