Description
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation.
References (4)
Core References
Various Sources x_refsource_confirm
https://github.com/thoughtbot/cocaine/blob/master/NEWS.md
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/98835
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/22/10
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55365
Scores
EPSS
0.0038
EPSS Percentile
59.2%
Details
CWE
CWE-78
Status
published
Products (7)
rubygems/cocaine
0.4.0 - 0.5.3 (RubyGems)
thoughtbot/cocaine
0.4.0
thoughtbot/cocaine
0.4.1
thoughtbot/cocaine
0.4.2
thoughtbot/cocaine
0.5.0
thoughtbot/cocaine
0.5.1
thoughtbot/cocaine
0.5.2
Published
Nov 02, 2013
Tracked Since
Feb 18, 2026