CVE-2013-2512
CRITICALftpd gem 0.2.1 - Remote Code Execution via FTP LIST/NLST Command Argument
Title source: llmDescription
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://vapidlabs.com/advisory.php?v=34
Scores
CVSS v3
9.8
EPSS
0.0284
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
ftpd_project/ftpd
0.2.1
rubygems/ftpd
0 - 0.2.2RubyGems
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026