CVE-2013-2090: Remote command Injection in Creme Fraiche 0.6 Ruby Gem

May 27, 2014 (updated August 28, 2017)

A malicious email attachment with a file name consisting of shell metacharacters could inject commands into the shell. If the attacker is allowed to specify a filename (via a web gui) commands could be injected that way as well.

References

vapid.dhs.org/advisories/cremefraiche-cmd-inj.html

Code Behaviors & Features

Detect and mitigate CVE-2013-2090 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →