OSVDB ID: 91232

Title: fastreader Gem for Ruby URI Handling Arbitrary Command Injection

Info

Disclosure

Mar 13, 2013

Discovery

Unknown

Dates

Exploit

Mar 12, 2013

Solution

Unknown

Description

fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability.

Products

Daniel Choi

fastreader Gem for Ruby

1.0.8

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/91232