Updated advisory posts against rubysec/ruby-advisory-db@b1000b5

jasnow · RubySec CI · commit c456e761052e · 2026-06-05T16:09:07.000Z
diff --git a/advisories/_posts/2011-10-05-CVE-2011-10019.md b/advisories/_posts/2011-10-05-CVE-2011-10019.md
@@ -0,0 +1,36 @@
+---
+layout: advisory
+title: 'CVE-2011-10019 (spree): Remote Command Execution in Spree search functionality'
+comments: false
+categories:
+- spree
+advisory:
+  gem: spree
+  cve: 2011-10019
+  osvdb: 76011
+  ghsa: 97vm-c39p-jr86
+  url: https://nvd.nist.gov/vuln/detail/CVE-2011-10019
+  title: Remote Command Execution in Spree search functionality
+  date: 2011-10-05
+  description: |-
+    Spree versions prior to 0.60.2 contain a remote command execution
+    vulnerability in the search functionality. The application fails to
+    properly sanitize input passed via the `search[:send][]` parameter,
+    which is dynamically invoked using Ruby’s `send` method. This allows
+    attackers to execute arbitrary shell commands on the server without
+    authentication.
+  cvss_v2: 9.0
+  cvss_v3: 9.8
+  cvss_v4: 10.0
+  patched_versions:
+  - ">= 0.60.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-10019
+    - https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/spree_search_exec.rb
+    - https://web.archive.org/web/20111009192436/http://spreecommerce.com/blog/2011/10/05/remote-command-product-group
+    - https://www.exploit-db.com/exploits/17941
+    - https://www.vulncheck.com/advisories/spreecommerce-search-parameter-rce
+    - https://github.com/orgs/spree/spree
+    - https://github.com/advisories/GHSA-97vm-c39p-jr86
+---
