VYPR
Moderate severity · NVD Advisory · Published Nov 2, 2013 · Updated Jun 16, 2026

CVE-2013-4457

Description

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
cocaine (RubyGems) | >= 0.4.0, < 0.5.3 | 0.5.3

Affected products

  • cpe:2.3:a:thoughtbot:cocaine:0.4.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:thoughtbot:cocaine:0.4.1:-:*:*:*:ruby:*:*
  • cpe:2.3:a:thoughtbot:cocaine:0.4.2:-:*:*:*:ruby:*:*
  • cpe:2.3:a:thoughtbot:cocaine:0.5.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:thoughtbot:cocaine:0.5.1:-:*:*:*:ruby:*:*
  • cpe:2.3:a:thoughtbot:cocaine:0.5.2:-:*:*:*:ruby:*:*
  • ghsa-coords
    Range: >= 0.4.0, < 0.5.3
