karo 2.5.2

1 security vulnerability found in version 2.5.2

karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution

critical severity CVE-2014-10075
critical severity CVE-2014-10075

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.

karo Gem for Ruby contains a flaw in db.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.

  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • Severity: CRITICAL - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.