CVE-2013-2105
show_in_browser gem 0.0.3 - Symlink Attack via /tmp/browser.html
Title source: llmDescription
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
References (3)
Core 3
Core References
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/05/18/4
Exploit x_refsource_misc
http://vapid.dhs.org/advisories/show_in_browser.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84378
Scores
EPSS
0.0012
EPSS Percentile
29.9%
Details
CWE
CWE-59
Status
published
Products (2)
jonathan_leung/show_in_browser
0.0.3
rubygems/show_in_browser
RubyGems
Published
Apr 22, 2014
Tracked Since
Feb 18, 2026