Lucene search
RubySecRUBY:SFPAGENT-2014-2888-105971HistoryApr 15, 2014 - 8:00 p.m.
sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
2014-04-1520:00:00
RubySec
rubysec.com
4
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body]
input is not properly sanitized when handling module names with shell
metacharacters. This may allow a context-dependent attacker to execute
arbitrary commands.
Affected configurations
Node
rubysfpagentRange<0.4.15
References
Related
prion
prion
Design/Logic Flaw
2014-04-23 15:55:00
osv
osv
sfpagent Command Injection vulnerability
2017-10-24 18:33:36
zdt
zdt
Ruby Gem sfpagent 0.4.14 Command Injection Vulnerability
2014-04-19 00:00:00
packetstorm
packetstorm
Ruby Gem sfpagent 0.4.14 Command Injection
2014-04-18 00:00:00
cvelist
cvelist
CVE-2014-2888
2014-04-23 14:00:00
nvd
nvd
CVE-2014-2888
2014-04-23 15:55:04
cve
cve
CVE-2014-2888
2014-04-23 15:55:04
github
github
sfpagent Command Injection vulnerability
2017-10-24 18:33:36
securityvulns
securityvulns
Different Ruby gems security vulnerabilities
2014-05-04 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for RUBY:SFPAGENT-2014-2888-105971