CVE-2013-1898: Remote code execution

April 9, 2013 (updated April 10, 2013)

Specially crafted URLs can result in remote code execution if the URL contains shell metacharacters. This is due to the fact that the url is passed directly to the shell in the code thumbshooter.rb create method.

References

vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1898

Code Behaviors & Features

Detect and mitigate CVE-2013-1898 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →