CVE-2013-4203: Remote Command Injection

October 11, 2013 (updated October 15, 2013)

Some code in the rgpg gem does not sanitize user-supplied input before passing it to the system() function for execution. If this API is used in the context of a Ruby on Rails (RoR) application, remote commands can be injected into the shell when the user supplies shell metacharacters such as ; and &.
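The pattern the advisory describes, and the fix a maintainer would apply, as an added illustration that is not rgpg's code: a constructed helper interpolates caller input into a single command string (so Ruby hands it to /bin/sh, which honours ; and &), while the hardened variants pass the value as a separate argv element or escape it with Shellwords, and an allow-list check rejects metacharacters outright. The command is echo rather than gpg so the example runs anywhere; the function names are assumptions.

```ruby
require 'open3'
require 'shellwords'

# VULNERABLE (constructed example, modelled on the advisory's description):
# user input is interpolated into one command string, so Open3/system
# invoke a shell and ';' or '&' in the input start a second command.
def echo_via_shell_string(user_input)
  out, _status = Open3.capture2("echo #{user_input}")
  out
end

# HARDENED: argv form. Each argument is passed to execve() directly,
# no shell is involved, so metacharacters are delivered literally.
def echo_via_argv(user_input)
  out, _status = Open3.capture2('echo', user_input)
  out
end

# HARDENED alternative when a shell string is unavoidable:
# Shellwords.escape quotes every shell-significant character.
def echo_via_shellwords(user_input)
  out, _status = Open3.capture2("echo #{Shellwords.escape(user_input)}")
  out
end

# Defensive input check: reject anything that could change shell parsing.
# Useful as a second layer even when the argv form is used.
SHELL_META = /[;&|`$()<>\\'"\n]/.freeze

def reject_shell_meta(user_input)
  if user_input.match?(SHELL_META)
    raise ArgumentError, 'shell metacharacters are not allowed in this field'
  end
  user_input
end

if $PROGRAM_NAME == __FILE__
  sample = 'hello; echo second-command' # constructed input containing ';'
  puts "shell string : #{echo_via_shell_string(sample).inspect}" # two lines: injected
  puts "argv form    : #{echo_via_argv(sample).inspect}"         # one line, literal
  puts "shellwords   : #{echo_via_shellwords(sample).inspect}"   # one line, literal
end
```

The argv form is the primary fix: with Open3.capture2('echo', value) or system('gpg', '--recipient', value) the string never reaches a shell parser. Escaping is a fallback for code that must build a command line, and the regex check belongs at the boundary where the Rails controller accepts the value, so a rejected request is logged rather than silently executed.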

References

  • vapid.dhs.org/advisories/rgpg-api-rubygem-cmd-inj.html


Affected versions

All versions before 0.2.3

Fixed versions

  • 0.2.3

Solution

Update to 0.2.3

Impact

7.5 HIGH (CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Weakness

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

Source file

gem/rgpg/CVE-2013-4203.yml


Page generated Wed, 14 May 2025 12:14:42 +0000.