CVE-2006-2582: Remote code execution in rwiki

October 24, 2017 (updated April 3, 2025)

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.

References

exchange.xforce.ibmcloud.com/vulnerabilities/26668
github.com/advisories/GHSA-wwmf-6p58-6vj2
github.com/rubysec/ruby-advisory-db/blob/master/gems/rwiki/CVE-2006-2582.yml
nvd.nist.gov/vuln/detail/CVE-2006-2582
web.archive.org/web/20090501134922/http://www2a.biglobe.ne.jp/~seki/ruby/rwiki.html

Code Behaviors & Features

Detect and mitigate CVE-2006-2582 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →