Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0270

Malware in sbrugna...

9.3CVSS6.3AI score0.04247EPSS
Exploits2References8
OSV
OSV
added 2017/10/24 6:33 p.m.15 views

GHSA-M6F7-46HW-GRCJ Creme Fraiche contains OS Command Injection

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

9.3CVSS7.4AI score0.04247EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.32 views

Creme Fraiche contains OS Command Injection

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

9.3CVSS7.4AI score0.04247EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2014/05/27 3:0 p.m.69 views

CVE-2013-2090

The Creme Fraiche Ruby gem (pre-0.6.1) is vulnerable to OS command injection via unsanitized file names in email attachments, enabling remote execution of arbitrary commands. Root cause: set_meta_data processes attachment filenames without proper validation, allowing shell metacharacters to pass ...

9.3CVSS7.8AI score0.04247EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2014/05/27 2:55 p.m.23 views

CVE-2013-2090

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

9.3CVSS7.6AI score0.04247EPSS
Exploits2References5
Prion
Prion
added 2014/05/27 2:55 p.m.13 views

Information disclosure

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

9.3CVSS8.2AI score0.04247EPSS
Exploits2References5Affected Software1
RubySec
RubySec
added 2013/05/14 12:0 a.m.23 views

Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

9.3CVSS5.2AI score0.04247EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder