GHSA-hxx6-p24v-wg8c

Suggest an improvement
Source
https://github.com/advisories/GHSA-hxx6-p24v-wg8c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-hxx6-p24v-wg8c/GHSA-hxx6-p24v-wg8c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-hxx6-p24v-wg8c
Aliases
  • CVE-2013-2617
Published
2017-10-24T18:33:37Z
Modified
2024-12-05T05:39:14.885011Z
Summary
Curl Gem insufficient URL escaping command injection
Details

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:41:31Z"
}
References

Affected packages

RubyGems / curl

Package

Name
curl
Purl
pkg:gem/curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.0.9

Affected versions

0.*

0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9