CVE-2013-4457

Published: Nov 2, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.

Affected (6)

Products: Thoughtbot: Cocaine

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Thoughtbot Cocaine	Version 0.4.0
Thoughtbot Cocaine	Version 0.4.1
Thoughtbot Cocaine	Version 0.4.2
Thoughtbot Cocaine	Version 0.5.0
Thoughtbot Cocaine	Version 0.5.1
Thoughtbot Cocaine	Version 0.5.2

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

http://osvdb.org/98835

Source: secalert@redhat.com

http://secunia.com/advisories/55365

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/10/22/10

Source: secalert@redhat.com

https://github.com/thoughtbot/cocaine/blob/master/NEWS.md

Source: secalert@redhat.com

http://osvdb.org/98835

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55365

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/10/22/10

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/thoughtbot/cocaine/blob/master/NEWS.md

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.