Lucene search
RubySecRUBY:GITLAB-GRIT-2013-4489-99370HistoryNov 03, 2013 - 8:00 p.m.
GitLab Grit Gem for Ruby contains a flaw
2013-11-0320:00:00
RubySec
nvd.nist.gov
6
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
GitLab Grit Gem for Ruby contains a flaw in the app/contexts/search_context.rb
script. The issue is triggered when input passed via the code search box is not
properly sanitized, which allows strings to be evaluated by the Bourne shell. This
may allow a remote attacker to execute arbitrary commands.
Affected configurations
Node
rubygitlab-gritRange≤2.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | gitlab-grit | * | cpe:2.3:a:ruby:gitlab-grit:*:*:*:*:*:*:*:* |
References
Related
osv
osv
debiancve
debiancve
CVE-2013-4489
2014-05-17 20:55:02
cve
cve
CVE-2013-4489
2014-05-17 20:55:02
github
github
prion
prion
Design/Logic Flaw
2014-05-17 20:55:00
cvelist
cvelist
CVE-2013-4489
2014-05-17 20:00:00
nvd
nvd
CVE-2013-4489
2014-05-17 20:55:02
openvas
openvas
GitLab Community Edition 4.2.x - 5.4.0, 6.x - 6.2.2 Multiple Vulnerabilities
2022-03-28 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related for RUBY:GITLAB-GRIT-2013-4489-99370