Description
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
References
- Issue Tracking, Mailing List, Patch, Third Party Advisory
- Third Party Advisory, VDB Entry
- Issue Tracking, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:gollum_project:gollum:*:*:*:*:*:*:*:* (version up to 3.1.0, inclusive)
- cpe:2.3:a:gollum_project:gollum-lib:*:*:*:*:*:*:*:* (version up to 4.0.0, inclusive)
- cpe:2.3:a:gollum_project:grit_adapter:*:*:*:*:*:*:*:* (version up to 0.1.0, inclusive)
EPSS
Score: 0.04947 (percentile: 89%), Low
CVSS3
8.8 High
CVSS2
6.5 Medium
Weaknesses
CWE-284
Related vulnerabilities
- github, about 8 years ago (CVSS3: 8.8): gollum and gollum-lib allow remote authenticated users to execute arbitrary code
  EPSS: 0.04947 (percentile: 89%), Low
  CVSS3: 8.8 High
  CVSS2: 6.5 Medium
  Weaknesses: CWE-284