CVE-2013-4203

Name of the Vulnerable Software and Affected Versions rgpg gem versions prior to 0.2.3

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. This is due to a problem in the self.run gpg function in lib/rgpg/gpg helper.rb.

Recommendations For versions prior to 0.2.3, update to version 0.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the self.run gpg function until a patch is available. Avoid using shell metacharacters in unspecified vectors to minimize the risk of exploitation.