Lucene search
GitHub Advisory DatabaseGHSA-M6F7-46HW-GRCJHistoryOct 24, 2017 - 6:33 p.m.
Creme Fraiche contains OS Command Injection
2017-10-2418:33:37
CWE-78
GitHub Advisory Database
github.com
10
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.5%
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
cremefraicheRange<0.6.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| cremefraiche | lt | 0.6.1 |
Related
nvd
nvd
CVE-2013-2090
2014-05-27 14:55:06
cvelist
cvelist
CVE-2013-2090
2014-05-27 15:00:00
cve
cve
CVE-2013-2090
2014-05-27 15:00:00
packetstorm
packetstorm
Ruby Gem Creme Fraiche 0.6 Command Injection
2013-05-14 00:00:00
osv
osv
Creme Fraiche contains OS Command Injection
2017-10-24 18:33:37
prion
prion
Information disclosure
2014-05-27 14:55:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.5%
Related for GHSA-M6F7-46HW-GRCJ