Remote Command Execution in Flash Tool Gem for Ruby by RubySec
CVE-2013-2513
Currently unrated
What is CVE-2013-2513?
The Flash Tool gem for Ruby, up to version 0.6.0, is susceptible to remote command execution because it does not properly handle shell metacharacters in the names of downloaded files. An attacker can exploit this vulnerability by crafting a malicious file name which, when handled by the gem, could allow arbitrary command execution on the target system. This could lead to unauthorized access and compromise of sensitive data. Users are advised to upgrade to the latest version to mitigate this risk.
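The bug class described above, as an added example that is not code from the Flash Tool gem: a file name interpolated into a shell string next to two hardened forms and an allowlist check. The function names and the sample file name are constructed for illustration, and `echo` stands in for whatever external tool would process the file.

```ruby
require "open3"
require "shellwords"

# Constructed sample file name; the appended command is a harmless echo.
HOSTILE_NAME = "movie.swf; echo INJECTED"

# Vulnerable pattern: one interpolated string is handed to /bin/sh, so the
# shell parses ';' in the file name as a command separator.
def run_unsafe(name)
  out, _status = Open3.capture2("echo #{name}")
  out
end

# Hardened: program and arguments are passed separately, so no shell runs and
# the file name arrives as a single literal argument.
def run_argv(name)
  out, _status = Open3.capture2("echo", name)
  out
end

# Fallback when a shell string cannot be avoided: escape the name first.
def run_escaped(name)
  out, _status = Open3.capture2("echo #{Shellwords.escape(name)}")
  out
end

# Allowlist check for names taken from a remote source. It also rejects a
# leading '-', which the argv form alone would pass on as an option.
def safe_basename?(name)
  name.match?(/\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{run_unsafe(HOSTILE_NAME).inspect}"
  puts "argv:    #{run_argv(HOSTILE_NAME).inspect}"
  puts "escaped: #{run_escaped(HOSTILE_NAME).inspect}"
  puts "allowed: #{safe_basename?(HOSTILE_NAME)}"
end
```

When auditing a gem for this pattern, look for backticks, `%x{}`, and single-string `system`, `exec` or `Open3` calls whose string contains interpolated input.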