Arbitrary Command Execution in rgpg Gem's self.run_gpg Function

Arbitrary Command Execution in rgpg Gem's self.run_gpg Function

CVE-2013-4203 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Learn more about our Web Application Penetration Testing UK.