Описание
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
Комментарий
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00202
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 11 лет назад
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...
github
около 3 лет назад
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
EPSS
Процентиль: 43%
0.00202
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other