Information disclosure

2014-05-2714:55:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.5%

JSON

The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
creme_fraicheeq0.4.5.1
creme_fraicheeq0.5.3
creme_fraicheeq0.5
creme_fraicheeq0.4.5
creme_fraicheeq0.4.5.4
creme_fraicheeq0.4.5.2
creme_fraichele0.6
creme_fraicheeq0.5.1
creme_fraicheeq0.5.2
creme_fraicheeq0.4.5.5

Name	Operator	Version
creme_fraiche	eq	0.4.5.1
creme_fraiche	eq	0.5.3
creme_fraiche	eq	0.5
creme_fraiche	eq	0.4.5
creme_fraiche	eq	0.4.5.4
creme_fraiche	eq	0.4.5.2
creme_fraiche	le	0.6
creme_fraiche	eq	0.5.1
creme_fraiche	eq	0.5.2
creme_fraiche	eq	0.4.5.5