Lucene search
MitreCVE-2013-5036HistoryMay 27, 2014 - 3:00 p.m.
CVE-2013-5036
2014-05-2715:00:00
CWE-94
mitre
web.nvd.nist.gov
22
cve-2013-5036
square squash
remote code execution
yaml
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.919
Percentile
98.9%
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.
Affected configurations
Node
squashsquare_squashMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| squash | square_squash | - | cpe:2.3:a:squash:square_squash:-:*:*:*:*:*:*:* |
Related
checkpoint_advisories
checkpoint_advisories
Squash YAML Code Execution (CVE-2013-5036)
2016-10-18 00:00:00
zdt
zdt
Squash YAML Code Execution Vulnerability
2013-08-09 00:00:00
metasploit
metasploit
Squash YAML Code Execution
2013-08-06 18:00:17
exploitdb
exploitdb
Squash - YAML Code Execution (Metasploit)
2013-08-12 00:00:00
packetstorm
packetstorm
Squash YAML Code Execution
2013-08-09 00:00:00
cvelist
cvelist
CVE-2013-5036
2014-05-27 15:00:00
nvd
nvd
CVE-2013-5036
2014-05-27 14:55:10
prion
prion
Deserialization of untrusted data
2014-05-27 14:55:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.919
Percentile
98.9%
Related for CVE-2013-5036