RubySecRUBY:GOLLUM-GRIT_ADAPTER-2014-9489gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The gollum-grit_adapter gem contains a flaw that can allow arbitrary
command execution.
Grit implements its search functionality by shelling out to git grep. In
turn, git grep takes a -O or --open-files-in-pages option that will
pipe the results of grep to an arbitrary process. By failing to properly
sanitize user input search parameters, an attacker can thus perform command
execution.
Note that the grep result must find the string ‘master’ (or
whatever is the default branch that gollum uses) in any of the wiki’s
documents for this to succeed.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | gollum-grit_adapter | * | cpe:2.3:a:ruby:gollum-grit_adapter:*:*:*:*:*:*:*:* |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H