Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Gollum Security Vulnerabilities - May

cve
cve

CVE-2014-9489

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.

8.8CVSS

8.7AI Score

0.005EPSS

2017-10-17 02:29 PM
42
cve
cve

CVE-2015-7314

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

6.8AI Score

0.005EPSS

2015-10-06 01:59 AM
49
cve
cve

CVE-2020-35305

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.

6.1CVSS

6AI Score

0.001EPSS

2022-07-15 02:15 PM
39
21