CVE-2013-6421 is a command injection vulnerability discovered in the Sprout gem, specifically within the unpack_zip function of the archive_unpacker.rb file. This flaw allows attackers to execute arbitrary commands on systems running vulnerable versions of the gem (≤0.7.246). The vulnerability stems from insufficient sanitization of filenames and paths during the zip file unpacking process, enabling the injection of shell metacharacters. A patch is available, requiring users to upgrade to a secure version.
The impact of CVE-2013-6421 is significant due to the potential for remote code execution (RCE). An attacker could craft a malicious zip file containing filenames or paths with embedded shell metacharacters. When the unpack_zip function processes this file, the injected commands would be executed on the server with the privileges of the Ruby process running the Sprout gem. This could lead to complete system compromise, including data theft, modification, or denial of service. The blast radius extends to any application or service relying on the vulnerable Sprout gem, potentially impacting multiple users and systems.
CVE-2013-6421 was published in 2017, indicating a significant time lag between discovery and public disclosure. There is no mention of it being added to the CISA KEV catalog or any active exploitation campaigns. Public proof-of-concept (PoC) code may exist, increasing the risk of exploitation if the vulnerability remains unpatched. The vulnerability's age and the potential for RCE make it a persistent threat, particularly in legacy systems or environments with outdated software.
Applications and services utilizing the Sprout gem, particularly those handling user-uploaded files or processing zip archives from untrusted sources, are at significant risk. Ruby applications deployed on older operating systems or with outdated gem dependencies are also more vulnerable. Shared hosting environments where multiple applications share the same Ruby environment are particularly susceptible, as a compromise in one application could potentially affect others.
Detection checks (ruby / server):
• grep -r 'unpack_zip' /path/to/ruby/gems/sprout-*/archive_unpacker.rb
• find /path/to/ruby/gems/ -name 'archive_unpacker.rb' -mtime +30
• ps aux | grep sprout
EPSS: 1.23% (79th percentile)
The primary mitigation for CVE-2013-6421 is to upgrade the Sprout gem to a version that addresses the vulnerability. A specific fixed version is not stated in the available data. If upgrading is not immediately feasible, implement input validation on any user-supplied filenames or paths before they reach the unpack_zip function. Web application firewalls (WAFs) configured to detect and block command injection attempts can also provide a layer of defense. Review any third-party libraries and dependencies to ensure they do not introduce similar vulnerabilities. After upgrading, confirm the fix by unpacking a test zip file whose entry names contain shell metacharacters and verifying that no commands are executed.
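As an added illustration (not Sprout's own code, which this page does not reproduce), the vulnerable pattern the advisory describes beside a hardened form: entry names read from the untrusted archive are checked against an allow-list, and the unpacker is invoked with an argument array so no shell ever parses them. All function and constant names are hypothetical.

```ruby
# Added example, not code from the Sprout gem. Names are assumptions.

# Allow-list for archive entry names: must start with an alphanumeric
# character (rejects leading "-", ".", and "/"), then only safe path characters.
SAFE_NAME = %r{\A[A-Za-z0-9][A-Za-z0-9._\-/]*\z}
# Rejects ".." as any path component (path traversal out of the destination).
TRAVERSAL = %r{(\A|/)\.\.(/|\z)}

# True only when an entry name is safe to use as a path and as an argv element.
def safe_entry_name?(name)
  return false if name.nil? || name.empty?
  return false unless name.match?(SAFE_NAME)
  return false if name.match?(TRAVERSAL)
  true
end

# Entries that would be rejected; a caller refuses the whole archive if any exist
# (fail closed) rather than unpacking it partially.
def dangerous_entries(entry_names)
  entry_names.reject { |n| safe_entry_name?(n) }
end

# Vulnerable pattern (for contrast only, never executed here): the entry name is
# interpolated into a command string that /bin/sh will parse, so a name
# containing ";" or backticks becomes a command. This is the bug class the
# advisory describes.
def unsafe_command_for(archive, entry)
  "unzip -o #{archive} #{entry}"
end

# Hardened pattern: build an argv array. system(*argv) with several arguments
# execs the program directly, so metacharacters are passed literally to unzip
# and never interpreted by a shell.
def unzip_argv(archive, entry, dest)
  ['unzip', '-o', '-q', archive, entry, '-d', dest]
end

# Unpack only after every entry name has been validated; refuse otherwise.
def unpack_zip(archive, entry_names, dest)
  bad = dangerous_entries(entry_names)
  raise ArgumentError, "unsafe entry names: #{bad.inspect}" unless bad.empty?
  entry_names.each do |entry|
    system(*unzip_argv(archive, entry, dest)) || raise("unzip failed for #{entry}")
  end
end
```

The allow-list also rejects names starting with "-", which unzip would otherwise read as an option.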
No official patch available. Check for workarounds or monitor for updates.
CVE-2013-6421 is a command injection vulnerability affecting versions of the Sprout gem (≤0.7.246) where shell metacharacters in filenames/paths during zip unpacking can lead to arbitrary command execution.
You are affected if your application uses Sprout gem version 0.7.246 or earlier. Check your Gemfile and run gem list sprout to determine your version.
Upgrade the Sprout gem to a patched version. A specific fixed version is not provided, so consult the Sprout gem project for the latest secure release.
While there's no confirmed active exploitation, the vulnerability's age and potential for RCE suggest it remains a risk, especially in unpatched systems.
Consult the Sprout gem project's website or repository for advisories and release notes related to CVE-2013-6421.