Moderate severityNVD Advisory· Published Apr 22, 2014· Updated May 6, 2026

CVE-2013-2105

Description

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

Affected products

Jonathan Leung/Show In Browser
cpe:2.3:a:jonathan_leung:show_in_browser:0.0.3:*:*:*:*:ruby:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vapid.dhs.org/advisories/show_in_browser.htmlnvdExploitWEB
www.openwall.com/lists/oss-security/2013/05/18/4nvdExploitWEB
github.com/advisories/GHSA-9hx9-w2j6-rw76ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-2105ghsaADVISORY
exchange.xforce.ibmcloud.com/vulnerabilities/84378nvdWEB
github.com/rubysec/ruby-advisory-db/blob/master/gems/show_in_browser/CVE-2013-2105.ymlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000