sprout 1.0.24.pre
1 security vulnerability
found in version
1.0.24.pre
sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
high severity CVE-2013-6421
high severity
CVE-2013-6421
Unaffected versions:
< 0.7.246
sprout Gem for Ruby contains a flaw in the unpack_zip() function in archive_unpacker.rb. The issue is due to the program failing to properly sanitize input passed via the 'zip_file', 'dir', 'zip_name', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Gem version without a license.
Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.
This gem version is available.
This gem version has not been yanked and is still available for usage.