Lucene search

GitHub Advisory DatabaseGHSA-78J3-7WPM-QHVP

HistoryOct 24, 2017 - 6:33 p.m.

Shell Metacharacter Injection in kelredd-pruview

2017-10-2418:33:37

CWE-78

GitHub Advisory Database

github.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.6%

JSON

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to document.rb, video.rb, or video_image.rb.

Affected configurations

Vulners

Node

kelreddpruviewRange≤0.5.0

CPENameOperatorVersion
kelredd-pruviewle0.5.0

CPE	Name	Operator	Version
	kelredd-pruview	le	0.5.0

References

vapid.dhs.org/advisories/kelredd-pruview-cmd-inject.html

www.openwall.com/lists/oss-security/2013/04/10/3

www.openwall.com/lists/oss-security/2013/04/12/2

github.com/advisories/GHSA-78j3-7wpm-qhvp

github.com/rubysec/ruby-advisory-db/blob/master/gems/kelredd-pruview/CVE-2013-1947.yml

nvd.nist.gov/vuln/detail/CVE-2013-1947

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.6%

JSON

Related for GHSA-78J3-7WPM-QHVP