Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-qpqw-mc85-qvm9

Опубликовано: 01 июл. 2022
Источник: github
Github: Прошло ревью
CVSS3: 9.8

Описание

OS Command Injection in awesome spawn

Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

Ссылки

Пакеты

Наименование

awesome_spawn

rubygems
Затронутые версииВерсия исправления

< 1.2.0

1.2.0

EPSS

Процентиль: 80%
0.01367
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2014-0156

Дефекты

CWE-78

Связанные уязвимости

redhat логотип

CVE-2014-0156

CVSS3: 8.1
redhat
почти 12 лет назад

Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

nvd логотип

CVE-2014-0156

CVSS3: 9.8
nvd
больше 3 лет назад

Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

EPSS

Процентиль: 80%
0.01367
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2014-0156

Дефекты

CWE-78