High severityNVD Advisory· Published Oct 11, 2013· Updated Apr 29, 2026

CVE-2013-4203

Description

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
rgpgRubyGems	< 0.2.3	0.2.3

Affected products

Richard Cook/Rgpg3 versions
cpe:2.3:a:richard_cook:rgpg:*:-:*:*:*:ruby:*:*+ 2 more
- cpe:2.3:a:richard_cook:rgpg:*:-:*:*:*:ruby:*:*range: <=0.2.2
- cpe:2.3:a:richard_cook:rgpg:0.2.0:-:*:*:*:ruby:*:*
- cpe:2.3:a:richard_cook:rgpg:0.2.1:-:*:*:*:ruby:*:*

Patches

b819b13d1984

https://github.com/rcook/rgpgvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/rcook/rgpg/commit/b819b13d198495f3ecd2762a0dbe27bb6fae3505nvdExploitPatchWEB
github.com/advisories/GHSA-jg4m-q6w8-vrjpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-4203ghsaADVISORY
www.openwall.com/lists/oss-security/2013/08/03/2nvdWEB
github.com/rubysec/ruby-advisory-db/blob/master/gems/rgpg/CVE-2013-4203.ymlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000