High severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026
CVE-2013-2617
CVE-2013-2617
Description
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
curlRubyGems | <= 0.0.9 | — |
Affected products
1- cpe:2.3:a:curl_project:curl:-:*:*:*:*:ruby:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.htmlnvdThird Party AdvisoryVDB EntryWEB
- seclists.org/fulldisclosure/2013/Mar/124nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2013/03/19/9nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-hxx6-p24v-wg8cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2617ghsaADVISORY
- www.osvdb.org/91230nvdBroken Link
- github.com/rubysec/ruby-advisory-db/blob/master/gems/curl/CVE-2013-2617.ymlghsaWEB
News mentions
0No linked articles in our index yet.