Arbitrary Command Execution in ldoce 0.0.2 Gem for Ruby

CVE-2013-1911 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
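The bug class described above, shown as an added Ruby example; this is not the gem's code. It contrasts a command built by string interpolation with the argument-vector form, and adds allow-list checks for the URL and file name. The `echo` stand-in for a player, the helper names and the sample value are assumptions constructed for illustration.

```ruby
require "open3"
require "uri"

# Stand-in for an external audio player (assumption); echo only prints its arguments.
PLAYER = "echo"
# Constructed sample value carrying a shell metacharacter.
SAMPLE = "http://example.invalid/a.mp3; echo INJECTED"

# Vulnerable pattern: the value is interpolated into one string, so Ruby hands
# the whole line to /bin/sh and the shell interprets the metacharacters.
def play_via_shell(url)
  out, _status = Open3.capture2("#{PLAYER} #{url}")
  out
end

# Hardened pattern: program and argument are passed separately, no shell is
# started, and the value reaches the program as one literal argument.
def play_via_argv(url)
  out, _status = Open3.capture2(PLAYER, url)
  out
end

# Allow-list check: http(s) only, a host, and a path limited to a
# conservative character set that ends in .mp3.
def valid_mp3_url?(url)
  uri = URI.parse(url)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty? &&
    uri.path.match?(/\A[\w\-.\/]+\.mp3\z/)
rescue URI::InvalidURIError
  false
end

# Reduce an untrusted file name to a basename, replace anything outside
# [A-Za-z0-9_.-], and neutralise a leading dot or dash (hidden or option-like).
def safe_filename(name)
  File.basename(name.to_s).gsub(/[^\w.\-]/, "_").sub(/\A[.\-]+/, "_")
end

if __FILE__ == $PROGRAM_NAME
  puts "shell form : #{play_via_shell(SAMPLE).inspect}"
  puts "argv form  : #{play_via_argv(SAMPLE).inspect}"
  puts "url valid? : #{valid_mp3_url?(SAMPLE)}"
  puts "file name  : #{safe_filename('hello.mp3; echo INJECTED')}"
end
```

The argument-vector form is the primary fix; the validation helpers are defence in depth for values that later reach the file system or another program.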