High severityNVD Advisory· Published Apr 9, 2013· Updated Apr 29, 2026
CVE-2013-1898
CVE-2013-1898
Description
lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thumbshooterRubyGems | <= 0.1.5 | — |
Affected products
1- cpe:2.3:a:digineo:thumbshooter:0.1.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/advisories/GHSA-7fqj-cg79-f2pvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-1898ghsaADVISORY
- seclists.org/fulldisclosure/2013/Mar/218nvdWEB
- vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.htmlnvdWEB
- www.openwall.com/lists/oss-security/2013/03/26/13nvdWEB
- www.openwall.com/lists/oss-security/2013/03/26/3nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/thumbshooter/CVE-2013-1898.ymlghsaWEB
- osvdb.org/91839nvd
News mentions
0No linked articles in our index yet.