RubySec

Providing security resources for the Ruby community

OSVDB-108594 (gnms): gnms Gem for Ruby /lib/cmd_parse.rb ip Variable Shell Metacharacter Handling Remote Command Injection


GEM

gnms

PATCHED VERSIONS

None.

DESCRIPTION

gnms Gem for Ruby contains a flaw in /lib/cmd_parse.rb that is triggered when handling shell metacharacters passed via the ‘ip’ variable. This may allow a remote attacker to inject arbitrary commands.
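
A defensive pattern for the class of flaw described above, as an added example that is not code from the gnms gem or from this advisory. The helpers `safe_ip`, `probe_argv` and `argv_roundtrip` and the `ping` command are hypothetical, and the sample inputs are constructed.

```ruby
require "ipaddr"
require "open3"
require "rbconfig"

# Risky pattern (not executed here): interpolating the value into one command
# string, e.g. system("ping -c 1 #{ip}"), is run through the shell when the
# string contains metacharacters such as ; | & $() or backticks.

# Constructed sample inputs: two valid literals and three hostile values.
SAMPLE_INPUTS = ["192.0.2.10", "2001:db8::1", "192.0.2.10; id",
                 "$(id)", "192.0.2.10\n"].freeze

# Return the canonical address, or nil unless the value is exactly one IP literal.
def safe_ip(value)
  # \A...\z anchors the whole string; ^...$ would accept a trailing newline.
  return nil unless value.is_a?(String) && value.match?(/\A[0-9A-Fa-f:.]{2,45}\z/)
  IPAddr.new(value).to_s
rescue IPAddr::Error
  nil
end

# Build an argument vector for a hypothetical probe command. Each element is
# handed to the program as one argument, so no shell parses the address.
def probe_argv(value)
  ip = safe_ip(value)
  raise ArgumentError, "not an IP address: #{value.inspect}" if ip.nil?
  ["ping", "-c", "1", ip]
end

# Defence in depth: the multi-argument form of Open3 starts the program
# directly, so an argument reaches the child process byte for byte.
def argv_roundtrip(arg)
  out, status = Open3.capture2(RbConfig.ruby, "-e", "print ARGV[0]", arg)
  status.success? ? out : nil
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_INPUTS.each do |v|
    puts format("%-20s -> %s", v.inspect, safe_ip(v).inspect)
  end
  puts argv_roundtrip("192.0.2.10; id").inspect
end
```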
