GHSA-g266-3crh-h7gj

Suggest an improvement
Source
https://github.com/advisories/GHSA-g266-3crh-h7gj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-g266-3crh-h7gj/GHSA-g266-3crh-h7gj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g266-3crh-h7gj
Aliases
  • CVE-2013-1911
Published
2017-10-24T18:33:37Z
Modified
2023-11-05T05:31:06.195808Z
Summary
ldoce Gem Arbitrary Command Execution
Details

lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.

Database specific
{
    "nvd_published_at": "2013-04-03T00:55:02Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:35:53Z"
}
References

Affected packages

RubyGems / ldoce

Package

Name
ldoce
Purl
pkg:gem/ldoce

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.0.2

Affected versions

0.*

0.0.1
0.0.2