OSVDB-110796: Remote code execution via handlebars helper
The gem contains a flaw in its helper method dispatch: it uses Kernel::send to invoke helpers without first checking that the requested name is a helper defined within the template context. Because Kernel::send reaches any method on the receiver, including private Kernel methods, template expressions such as {{system "ls"}} or {{eval "puts 1 + 1"}} are executed as Ruby code.
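To make the flaw concrete, here is an added example that is not the affected gem's code: a minimal template-helper dispatcher in the vulnerable style (unchecked `send`) next to a hardened version that only dispatches names on an explicit allowlist derived from the helper module. The `TemplateHelpers` module, the `{{name "arg"}}` mini-parser and the sample expressions are all constructed for this demonstration; the unsafe path is exercised with the harmless `Kernel#format` to show that it reaches non-helper methods.

```ruby
# Added example (not the affected gem's code): flawed vs. hardened helper dispatch.

# Hypothetical helper module: the only methods a template should be able to call.
module TemplateHelpers
  def upcase_helper(str)
    str.to_s.upcase
  end

  def join_helper(*parts)
    parts.join(", ")
  end
end

# Context object the template is rendered against.
class TemplateContext
  include TemplateHelpers
end

# Flawed dispatch: Kernel#send reaches any method on the receiver, including
# private Kernel methods (system, eval, format, ...), because nothing verifies
# that `name` is actually a helper.
def dispatch_unsafe(ctx, name, *args)
  ctx.send(name.to_sym, *args)
end

# Hardened dispatch: an explicit allowlist taken from the helper module itself.
# instance_methods(false) lists only methods defined directly in the module,
# so inherited Object/Kernel methods are never reachable.
ALLOWED_HELPERS = TemplateHelpers.instance_methods(false).freeze

class UnknownHelper < StandardError; end

def dispatch_safe(ctx, name, *args)
  sym = name.to_sym
  raise UnknownHelper, "helper not defined: #{name}" unless ALLOWED_HELPERS.include?(sym)
  ctx.public_send(sym, *args)
end

# Tiny parser for `{{name "arg" "arg"}}` expressions (constructed for the demo;
# not a real Handlebars parser). Returns [helper_name, [string args]].
def parse_expression(expr)
  m = expr.match(/\A\{\{\s*(\w+)((?:\s+"[^"]*")*)\s*\}\}\z/)
  raise ArgumentError, "bad expression: #{expr}" unless m
  [m[1], m[2].scan(/"([^"]*)"/).flatten]
end

def render_unsafe(expr)
  name, args = parse_expression(expr)
  dispatch_unsafe(TemplateContext.new, name, *args)
end

def render_safe(expr)
  name, args = parse_expression(expr)
  dispatch_safe(TemplateContext.new, name, *args)
end

if __FILE__ == $PROGRAM_NAME
  puts render_safe('{{upcase_helper "hello"}}')   # HELLO
  puts render_unsafe('{{format "%05d" "42"}}')    # 00042: Kernel#format reached via send
  begin
    render_safe('{{format "%05d" "42"}}')
  rescue UnknownHelper => e
    puts "rejected: #{e.message}"
  end
end
```

A bare `respond_to?(name)` check is not an adequate fix on its own: it would reject private Kernel methods such as `system` and `eval`, but still admit public methods inherited from Object (for example `instance_eval`). Dispatching only against a list of helpers the template engine itself registered closes the whole class, which is why the hardened version consults `ALLOWED_HELPERS` rather than asking the receiver.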