3 matches found
CVE-2013-7086
The CVE concerns the Webbynode Ruby gem. The affected component is the notify.rb in the Webbynode gem (version 1.0.5.3 and earlier). The root cause is improper handling of growlnotify messages, allowing context-dependent attackers to inject and execute arbitrary shell commands via metacharacters ...
CVE-2013-7086
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message...
Webbynode Ruby Gems命令注入漏洞
Bugtraq ID:64289 CVE ID:CVE-2013-7086 Ruby Gem Webbynode是一款让用户部署应用至Webbynode平台的工具。 Ruby Gem Webbynode没有正确过滤通过growlnotify命令所提交的消息,如果消息中包含shell元字符,可以应用程序上下文执行任意命令。 0 Ruby Gem Webbynode 1.0.5.3 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://rubygems.org/gems/webbynode...