- Description
- The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-94
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webbynode:webbynode:*:-:-:*:-:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "4E9A8F98-0FB2-4EE2-8739-A8806970E8C2",
"versionEndIncluding": "1.0.5.3"
},
{
"criteria": "cpe:2.3:a:webbynode:webbynode:1.0.5:-:-:*:-:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "16577EA8-A957-44F2-A6AC-083B84CE789F"
},
{
"criteria": "cpe:2.3:a:webbynode:webbynode:1.0.5.1:-:-:*:-:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "7678FC1E-549A-445A-A1B5-73544C9FCF2A"
},
{
"criteria": "cpe:2.3:a:webbynode:webbynode:1.0.5.2:-:-:*:-:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "58AF4481-B4D2-4FE9-886D-D440B82B7090"
}
],
"operator": "OR"
}
]
}
]