cve/CVE-2013-6421.md at 48a00929accbe24477052d164512463a2824377a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.

POC

Reference

http://www.openwall.com/lists/oss-security/2013/12/03/1
http://www.openwall.com/lists/oss-security/2013/12/03/6

Github

https://github.com/btihen/calendar_commons
https://github.com/tdunning/github-advisory-parser
https://github.com/thesp0nge/dawnscanner

842 B Raw Blame History

CVE-2013-6421

Description

POC

Reference

Github

842 B

Raw Blame History