Ruby Gem Sprout 'unpack_zip()' Function Remote Command Injection Vulnerability

Sprout is prone to a remote command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.

Sprout 0.7.246 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus