Moderate severity · NVD Advisory · Published Nov 2, 2013 · Updated Apr 29, 2026
CVE-2013-4457
Description
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cocaine (RubyGems) | >= 0.4.0, < 0.5.3 | 0.5.3 |
Affected products
- cpe:2.3:a:thoughtbot:cocaine:0.4.0:-:*:*:*:ruby:*:*
- cpe:2.3:a:thoughtbot:cocaine:0.4.1:-:*:*:*:ruby:*:*
- cpe:2.3:a:thoughtbot:cocaine:0.4.2:-:*:*:*:ruby:*:*
- cpe:2.3:a:thoughtbot:cocaine:0.5.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:thoughtbot:cocaine:0.5.1:-:*:*:*:ruby:*:*
- cpe:2.3:a:thoughtbot:cocaine:0.5.2:-:*:*:*:ruby:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/55365 (NVD, Vendor Advisory)
- github.com/advisories/GHSA-c43v-hrmg-56r4 (GHSA, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2013-4457 (GHSA, Advisory)
- www.openwall.com/lists/oss-security/2013/10/22/10 (NVD, Web)
- github.com/thoughtbot/cocaine/blob/master/NEWS.md (NVD, Web)
- osvdb.org/98835 (NVD)