3 matches found
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...
CVE-2014-10075
CVE-2014-10075 affects the Ruby karo gem (v2.3.8) and enables Remote command injection via the host field. The flaw resides in db.rb where metacharacters are mishandled, allowing an attacker to execute arbitrary commands (examples show building and executing a shell command with unsanitized input...