8.8

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-2516

CVE-2013-2516: Fileutils Command Injection vulnerability

Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in user supplied url variable that is passed to the shell.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-2516

CVE-2013-2516:

8.8

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
fileutils	rubygems	< 0.7.1	0.7.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper neutralization of user input passed to shell commands. The commit diff shows critical changes where shell-based implementations (like ln -s) were replaced with Ruby-native methods (File.symlink). Functions like ln_s, install, and cp were modified to eliminate shell command generation, indicating they previously exposed command injection vectors. The advisory confirms URL/shell injection patterns, aligning with these functions' pre-patch behavior of passing user input to shell commands.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-2516: Fileutils Command Injection vulnerability

CVE-2013-2516:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2013-2516: Fileutils Command Injection vulnerability

8.8

8.8

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI