CVE-2013-7086

Опубликовано: 19 дек. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html
Exploit
http://osvdb.org/100920
http://packetstormsecurity.com/files/124421
Exploit
http://seclists.org/oss-sec/2013/q4/493
Exploit
http://seclists.org/oss-sec/2013/q4/497
Exploit
http://www.securityfocus.com/bid/64289
http://www.vapid.dhs.org/advisories/webbynode-command-inj.html
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89705
https://github.com/webbynode/webbynode/pull/85
http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html
Exploit
http://osvdb.org/100920
http://packetstormsecurity.com/files/124421
Exploit
http://seclists.org/oss-sec/2013/q4/493
Exploit
http://seclists.org/oss-sec/2013/q4/497
Exploit
http://www.securityfocus.com/bid/64289
http://www.vapid.dhs.org/advisories/webbynode-command-inj.html
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89705
https://github.com/webbynode/webbynode/pull/85

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:webbynode:webbynode:*:-:-:*:-:ruby:*:*

Версия до 1.0.5.3 (включая)

cpe:2.3:a:webbynode:webbynode:1.0.5:-:-:*:-:ruby:*:*

cpe:2.3:a:webbynode:webbynode:1.0.5.1:-:-:*:-:ruby:*:*

cpe:2.3:a:webbynode:webbynode:1.0.5.2:-:-:*:-:ruby:*:*

EPSS

Процентиль: 84%

0.02072

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-p65m-qr5x-rrqq

github

больше 8 лет назад

Webbynode Code Injection vulnerability