Lucene search

GitHub Advisory DatabaseGHSA-P65M-QR5X-RRQQ

HistoryOct 24, 2017 - 6:33 p.m.

Webbynode Code Injection vulnerability

2017-10-2418:33:36

CWE-94

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

84.1%

JSON

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

Affected configurations

Vulners

Node

webbynodewebbynodeRange≤1.0.5.3ruby

CPENameOperatorVersion
webbynodele1.0.5.3

CPE	Name	Operator	Version
	webbynode	le	1.0.5.3

References

packetstormsecurity.com/files/124421

seclists.org/oss-sec/2013/q4/493

seclists.org/oss-sec/2013/q4/497

exchange.xforce.ibmcloud.com/vulnerabilities/89705

github.com/advisories/GHSA-p65m-qr5x-rrqq

github.com/rubysec/ruby-advisory-db/blob/master/gems/webbynode/CVE-2013-7086.yml

github.com/webbynode/webbynode/pull/85

nvd.nist.gov/vuln/detail/CVE-2013-7086

web.archive.org/web/20200229074410/www.securityfocus.com/bid/64289

web.archive.org/web/20201208124343/www.vapid.dhs.org/advisories/webbynode-command-inj.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

84.1%

JSON

Related for GHSA-P65M-QR5X-RRQQ