Ruby extlib CVE-2013-1802 Parameter Parsing Vulnerability

Bugtraq ID:	58275
Class:	Input Validation Error
CVE:	CVE-2013-1802
Remote:	Yes
Local:	No
Published:	Jan 14 2013 12:00AM
Updated:	Jan 14 2013 12:00AM
Credit:	Ben Murphy, Magnus Holm, Felix Wilhelm, Darcy Laycock, Jonathan Rudenberg, Bryan Helmkamp, Benoist Claassen and Charlie Somerville
Vulnerable:	Dan Kubb extlib 0.9.15
Not Vulnerable:	Dan Kubb extlib 0.9.16

Ruby extlib CVE-2013-1802 Parameter Parsing Vulnerability

extlib is prone to a parameter parsing vulnerability.

An attacker can exploit this vulnerability to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.

extlib versions 0.9.15 and prior are affected.

Ruby extlib CVE-2013-1802 Parameter Parsing Vulnerability

An attacker can exploit this issue using a web browser.

Ruby extlib CVE-2013-1802 Parameter Parsing Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Ruby extlib CVE-2013-1802 Parameter Parsing Vulnerability

References:

• extlib Homepage (Dan Kubb)
  
• January 14, 2013: Security vulnerabilities: httparty, extlib, crack, nori: Updat (Engine Yard)