Different Ruby gems security vulnerabilities

Different Ruby gems security vulnerabilities updated since 08.01.2014
Published:		04.05.2014
Source:		BUGTRAQ
SecurityVulns ID:		13481
Type:		library
Threat Level:		5/10
Description:		Crossite scripting, code execution, information leakage.

Affected:		RUBY : Gem Webbynode 1.0
		RUBY : Gem Bio Basespace SDK 0.1
		RUBY : Gem sprout 0.7
		RUBY : Gem i18n 0.6
		RUBY : Gem Arabic Prawn 0.0
		RUBY : Gem sfpagent 0.4
CVE:		CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.)
		CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.)
		CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.)

Original document		larry0_(at)_me.com, Remote Command Injection in Ruby Gem sfpagent 0.4.14 (04.05.2014)
		larry0_(at)_me.com, Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (04.05.2014)
		larry0_(at)_me.com, Command injection in Ruby Gem Webbynode 1.0.5.3 (08.01.2014)
		larry0_(at)_me.com, Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line (08.01.2014)
		larry0_(at)_me.com, Command injection vulnerability in Ruby Gem sprout 0.7.246 (08.01.2014)
		DEBIAN, [SECURITY] [DSA 2830-1] ruby-i18n security update (08.01.2014)