4 matches found
EUVD-2017-0352
Malware in sbrugna...
Code injection
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
CVE-2014-9489
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
gollum Upload File Functionality Permits Arbitrary File Access
The gollum gem contains a flaw in its upload file functionality that can allow arbitrary file access. This occurs due to a lack of type checking when handling temporary files during the upload process...