PT-2013-3464 · Ruby · Ldoce Gem

Published 2013-04-03 · Updated 2017-10-24 · CVE-2013-1911

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ldoce gem version 0.0.2
Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an mp3 URL or file name. The flaw is in the lib/ldoce/word.rb file of the ldoce gem for Ruby, where the URL and file name reach a shell command unsanitized, so any value that an attacker can influence (for example a URL returned by a remote service) becomes a command-injection vector.
Recommendations: At the moment there is no information about a newer version that contains a fix for this vulnerability. For ldoce gem version 0.0.2, do not pass attacker-controlled words, URLs or file names to the code in lib/ldoce/word.rb. If you depend on the gem, patch it locally so that the external program is invoked with an argument array (no shell involved) and the URL and file name are validated against a strict allow-list before use. Merely avoiding shell metacharacters in your own inputs does not protect against values that originate from users or remote servers.
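The following is an added, illustrative Ruby example, not the ldoce gem's own code. It shows the class of bug described above (a URL interpolated into a shell command) next to two hardened variants: one that only switches to argv-style invocation, and one that additionally validates the URL and derived file name. To keep it runnable offline, `printf` stands in for the real download tool; the URLs, the `INJECTED` marker and the allow-list regexes are constructed for the example.

```ruby
require "open3"
require "uri"

# Constructed sample inputs (not from the advisory).
BENIGN_URL    = "http://example.invalid/audio/word.mp3"
INJECTING_URL = "http://example.invalid/audio/word.mp3; echo INJECTED"

# VULNERABLE PATTERN: the URL is interpolated into a single command string.
# Ruby's backticks hand the string to /bin/sh -c as soon as it contains shell
# metacharacters, so ";" ends the printf command and the attacker's "echo INJECTED"
# runs as a second command. A real fetcher (curl/wget) is vulnerable the same way.
def vulnerable_fetch(url)
  `printf 'fetching %s' #{url}`
end

# HARDENED, STEP 1: argv-style invocation. Each argument is passed to execve()
# directly; no shell ever parses the URL, so metacharacters are just bytes.
def argv_only_fetch(url)
  out, status = Open3.capture2("printf", "fetching %s", url)
  raise "fetch failed: #{status}" unless status.success?
  out
end

# Allow-lists used by the fully hardened variant (assumed policy for this example):
# http(s) scheme, DNS-ish host, optional port, a path of safe characters ending in .mp3.
SAFE_URL  = %r{\Ahttps?://[A-Za-z0-9.-]+(?::\d+)?/[A-Za-z0-9._/-]+\.mp3\z}
SAFE_NAME = /\A[A-Za-z0-9_.-]+\.mp3\z/

# Derives the output file name from the URL path and rejects anything that
# could escape a directory or smuggle shell syntax (the "file name" half of the CVE).
def output_name_for(url)
  name = File.basename(URI(url).path)
  raise ArgumentError, "rejected file name: #{name.inspect}" unless name.match?(SAFE_NAME)
  name
end

# HARDENED, STEP 2: validate before use AND avoid the shell. Returns the file name
# the download would be written to and the (stand-in) fetch output.
def safe_fetch(url)
  raise ArgumentError, "rejected URL: #{url.inspect}" unless url.match?(SAFE_URL)
  name = output_name_for(url)
  [name, argv_only_fetch(url)]
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{vulnerable_fetch(INJECTING_URL).inspect}"   # contains INJECTED
  puts "argv only:  #{argv_only_fetch(INJECTING_URL).inspect}"    # literal, nothing executed
  puts "validated:  #{safe_fetch(BENIGN_URL).inspect}"
  begin
    safe_fetch(INJECTING_URL)
  rescue ArgumentError => e
    puts "validated:  #{e.message}"
  end
end
```

The argv form alone removes the command-injection primitive; the allow-list is still worth adding because a URL that is safe for the shell can still point the downloader at an unintended host or write to an unintended file name.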

Exploit: RCE

Weakness Enumeration

Related Identifiers

CVE-2013-1911
GHSA-G266-3CRH-H7GJ

Affected Products

Ldoce Gem