This repository has been archived by the owner on Mar 8, 2022. It is now read-only.

CVE-2013-1911: execute arbitrary commands via shell metacharacters #1

Closed
nogweii opened this issue Apr 5, 2013 · 3 comments

Comments

@nogweii

nogweii commented Apr 5, 2013

FYI: http://web.nvd.nist.gov/view/vuln/detail;jsessionid=B4DFCF50F8D8A5A4B26BA155FE0156D9?vulnId=CVE-2013-1911

@markburns
Owner

Yep thanks. I actually saw this. This project was something I did for a hackathon and I'm not using it.

I guess it would leave any project created with this open to hacking by the dictionary API that this project uses. It would seem strange for an API provider to try and hack their clients.

I'm not sure what to do about this. I doubt anyone else is using this project and it seems like a small attack vector.
I'm wondering if the responsible thing is just to remove this project.

Did you discover this vulnerability?

@nogweii
Author

nogweii commented Apr 6, 2013

I didn't personally discover it, but I found it linked from ruby-doc.org (which just parses the recent CVEs that match 'ruby'). I thought I should bring it up, however you already knew about it. 😄

@markburns
Owner

Issue mentioned in README:
747071a
