cve/2013/CVE-2013-6421.md

CVE-2013-6421

Description

The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.

POC

Reference

• http://www.openwall.com/lists/oss-security/2013/12/03/1
• http://www.openwall.com/lists/oss-security/2013/12/03/1
• http://www.openwall.com/lists/oss-security/2013/12/03/6
• http://www.openwall.com/lists/oss-security/2013/12/03/6

Github

• https://github.com/btihen/calendar_commons
• https://github.com/tdunning/github-advisory-parser
• https://github.com/thesp0nge/dawnscanner