CVE-2013-5647: Command Injection in Sounder

August 29, 2013

Sounder passes user supplied data directly to command line. See link for a proof of concept.

References

vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html

Code Behaviors & Features

Detect and mitigate CVE-2013-5647 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →