Description
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2017-0234 | lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name. |
Github GHSA |
GHSA-g266-3crh-h7gj | ldoce Gem Arbitrary Command Execution |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T15:20:36.282Z
Reserved: 2013-02-19T00:00:00.000Z
Link: CVE-2013-1911
No data.
Status : Modified
Published: 2013-04-03T00:55:02.267
Modified: 2026-06-16T23:52:23.030
Link: CVE-2013-1911
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-20
Improper Input Validation
EUVD
Github GHSA