CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

GitLab Grit Gem for Ruby contains a flaw in the app/contexts/search_context.rb
script. The issue is triggered when input passed via the code search box is not
properly sanitized, which allows strings to be evaluated by the Bourne shell. This
may allow a remote attacker to execute arbitrary commands.
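
The flaw class described above, as an added example that is not Grit's or GitLab's code: a search term interpolated into a shell command string, next to the same term passed as an argument vector. The helper names, the use of `grep`, the sample file and the query strings are assumptions constructed for illustration.

```ruby
require "open3"
require "tmpdir"

# Hypothetical helper: the search term is interpolated into one command
# string. Ruby hands a string containing shell metacharacters to /bin/sh -c,
# so the term is parsed as shell syntax (the behaviour the advisory describes).
def search_via_shell(dir, query)
  out, _status = Open3.capture2e("grep -n #{query} sample.rb", chdir: dir)
  out
end

# Hardened form: each argument is a separate argv element, so no shell is
# involved. -F treats the term as a fixed string, -e marks it as the pattern
# even if it starts with "-", and "--" ends option parsing before the path.
def search_via_argv(dir, query)
  out, _status = Open3.capture2e(
    "grep", "-n", "-F", "-e", query, "--", "sample.rb", chdir: dir
  )
  out
end

# Runs both helpers against a constructed one-file "repository".
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "sample.rb"), "def search_code(query)\nend\n")
    benign  = "search_code"
    # Constructed input with a harmless marker command after a separator.
    hostile = "nomatch; echo SHELL_RAN"
    {
      shell_benign:  search_via_shell(dir, benign),
      argv_benign:   search_via_argv(dir, benign),
      shell_hostile: search_via_shell(dir, hostile),
      argv_hostile:  search_via_argv(dir, hostile)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, output| puts "#{name}: #{output.inspect}" }
end
```

With the benign term both helpers return the same match; with the constructed term only the shell form runs the marker command, while the argv form searches for the whole string literally and finds nothing.
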
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | gitlab-grit | * | cpe:2.3:a:ruby:gitlab-grit:*:*:*:*:*:*:*:* |