CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2013-2615
https://notcve.org/view.php?id=CVE-2013-2615
20 Mar 2013 — lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. lib/entry_controller.rb en el fastreader Gem v1.0.8 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios vía metacaracteres shell en una dirección URL • http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2616
https://notcve.org/view.php?id=CVE-2013-2616
20 Mar 2013 — lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. lib/mini_magick.rb en el MiniMagick Gem v1.3.1 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios vía metacaracteres shell en una dirección URL. • http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 6%CPEs: 20EXPL: 1CVE-2013-0269 – rubygem-json: Denial of Service and SQL Injection
https://notcve.org/view.php?id=CVE-2013-0269
13 Feb 2013 — The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." El JSON gem v1.7.x anteriores a 1.7.7, v1.6.x anteriores a v1.6.8, y v1.5.x ... • https://github.com/heroku/heroku-CVE-2013-0269 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2012-2139 – rubygem-mail: directory traversal
https://notcve.org/view.php?id=CVE-2012-2139
18 Jul 2012 — Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. Vulnerabilidad de salto de directorio en lib/mail/network/delivery_methods/file_delivery.rb en la gema Mail antes de v2.4.3 para Ruby, permite a atacantes remotos para leer archivos de su elección a través de .. (punto punto) en el parámetro to. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 2CVE-2012-2140 – rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
https://notcve.org/view.php?id=CVE-2012-2140
18 Jul 2012 — The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. La gema Mail antes de v2.4.3 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres en (1) sendmail o (2) una entrega exim. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •