CVE-2013-2617: Code Injection in Curl

Severity
7.5 HIGH (NVD)
EPSS
1.4% (top 19.51%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 20
Latest update: Oct 24

Description

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

RubyGems: haxx/curl 0.0.9

🔴 Vulnerability Details (3)

GHSA
Curl Gem insufficient URL escaping command injection (2017-10-24)
OSV
Curl Gem insufficient URL escaping command injection (2017-10-24)
CVEList
CVE-2013-2617: lib/curl (2013-03-20)

📋 Vendor Advisories (1)

Red Hat
rubygem-curl: insufficient URL escaping command injection (2013-03-12)

💬 Community (2)

Bugzilla
CVE-2013-2617 rubygem-curb: Remote command execution [fedora-all] (2013-03-21)
Bugzilla
CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection (2013-03-21)