Skip to content

Thumbshooter vulnerable to Code Injection

High severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Aug 28, 2023

Package

bundler thumbshooter (RubyGems)

Affected versions

<= 0.1.5

Patched versions

None

Description

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

References

Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Aug 28, 2023

Severity

High

EPSS score

0.802%
(82nd percentile)

Weaknesses

CVE ID

CVE-2013-1898

GHSA ID

GHSA-7fqj-cg79-f2pv

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.