Platform: ruby
Component: cremefraiche
Fixed in: 0.6.1
CVE-2013-2090 is a critical Command Injection vulnerability affecting the Creme Fraiche gem, specifically versions prior to 0.6.1. This flaw allows a remote attacker to execute arbitrary commands on a system by injecting shell metacharacters into the filename of an email attachment processed by the gem. The vulnerability impacts Ruby applications leveraging Creme Fraiche for metadata extraction and manipulation, and a fix is available in version 0.6.1.
The impact of CVE-2013-2090 is severe. An attacker can leverage this vulnerability to gain complete control over the affected system. By crafting a malicious email attachment with a specially crafted filename containing shell metacharacters, the attacker can trick the Creme Fraiche gem into executing arbitrary commands. This could lead to data exfiltration, system modification, installation of malware, or even complete system takeover. The blast radius extends to any system running a vulnerable Ruby application that processes email attachments using the Creme Fraiche gem. While the initial report is dated, the potential for exploitation remains if legacy systems are still in use.
CVE-2013-2090 was publicly disclosed in 2017. There is no indication of it being added to the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit. Given the age of the vulnerability and the availability of a patch, active exploitation is considered less likely, but legacy systems remain a potential target. The vulnerability was published on 2017-10-24.
Ruby applications that rely on the Creme Fraiche gem for metadata extraction, particularly those that process email attachments without proper input validation, are at significant risk. Shared hosting environments where multiple applications share the same Ruby environment are also vulnerable, as a compromise of one application could potentially affect others.
• ruby / server: find / -name "cremefraiche.rb" -print
• ruby / server: grep -r "set_meta_data" /path/to/your/ruby/project
• generic web: Inspect email attachments for unusual filenames containing shell metacharacters (e.g., ;, |, &, $).
• generic web: Review application logs for errors related to file processing or command execution.
EPSS: 1.44% (81st percentile)
The primary mitigation for CVE-2013-2090 is to upgrade the Creme Fraiche gem to version 0.6.1 or later. This version contains a fix that prevents the injection of malicious shell metacharacters. If upgrading is not immediately feasible, consider implementing input validation and sanitization on all email attachment filenames before processing them with the Creme Fraiche gem. This could involve stripping out potentially dangerous characters or using a whitelist approach to only allow specific characters in filenames. Web Application Firewalls (WAFs) configured to detect and block command injection attempts could also provide a layer of defense. There are no specific Sigma or YARA rules readily available for this particular vulnerability.
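The following Ruby example is added here to make the detection and workaround advice concrete; it is not code from the cremefraiche gem or its maintainers. It covers both points above: flagging attachment filenames that carry shell metacharacters (the inspection step listed under "generic web"), and handing a filename to an external program as an argument vector so that no shell ever parses it. The helper names (`suspicious_filename?`, `sanitize_filename`, `hardened_argv`, `run_file_check`), the allow-list pattern and the use of the `file` command are assumptions chosen for illustration, and the `vulnerable_command` helper illustrates the general bug class, not the gem's actual code path.

```ruby
require "open3"

# Constructed example, not the cremefraiche gem's own code.

# Characters that must never reach a shell through string interpolation.
SHELL_METACHARACTERS = /[;&|$`<>()\\'"\n\r]/.freeze

# Allow-list for a bare attachment filename: starts with a letter or digit,
# then only letters, digits, dot, dash, underscore; no path separators.
SAFE_FILENAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/.freeze

# Detection: true when a filename looks like an injection attempt or a path escape.
def suspicious_filename?(name)
  SHELL_METACHARACTERS.match?(name) || name.include?("/") || name.include?("..")
end

# Allow-list check used before any processing of the attachment.
def safe_filename?(name)
  SAFE_FILENAME.match?(name) && !name.include?("..")
end

# Workaround option 1: rewrite the name so only allow-listed characters survive.
# Returns nil when nothing usable remains.
def sanitize_filename(name)
  base = File.basename(name.to_s).gsub(/[^A-Za-z0-9._-]/, "_")
  base = base.sub(/\A[._-]+/, "")   # no leading dot/dash: avoids hidden files and option-like names
  base.empty? ? nil : base[0, 255]
end

# The bug class: a filename interpolated into a command string that a shell parses.
# A name such as "report;id.pdf" would make the shell run a second command.
def vulnerable_command(filename)
  "file #{filename}"
end

# Workaround option 2: build an argv array; the filename is a single argument and
# "--" stops the tool from reading it as an option. Rejects anything off the allow-list.
def hardened_argv(filename)
  raise ArgumentError, "rejected attachment filename" unless safe_filename?(filename)
  ["file", "--", filename]
end

# Runs the hardened command without a shell (Open3 with a splatted argv uses exec semantics).
def run_file_check(filename)
  out, status = Open3.capture2(*hardened_argv(filename))
  status.success? ? out.strip : nil
end
```

In practice the allow-list check runs at the boundary where the attachment is received, so a rejected name never reaches metadata extraction at all; sanitising is the fallback when the application must keep processing the attachment under a renamed file.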
No official patch available. Check for workarounds or monitor for updates.
CVE-2013-2090 is a critical vulnerability in the Creme Fraiche gem, allowing attackers to execute commands via malicious email attachment filenames before version 0.6.1.
You are affected if your Ruby application uses Creme Fraiche gem versions prior to 0.6.1 and processes email attachments.
Upgrade the Creme Fraiche gem to version 0.6.1 or later. Implement input validation on attachment filenames as a temporary workaround.
While widespread active exploitation isn't confirmed, the vulnerability's ease of exploitation makes it a persistent risk and a potential target.
Refer to the CVE entry on the National Vulnerability Database (NVD) for more information: https://nvd.nist.gov/vuln/detail/CVE-2013-2090