GHSA-p65m-qr5x-rrqq
- Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-p65m-qr5x-rrqq/GHSA-p65m-qr5x-rrqq.json
- Aliases
-
- CVE-2013-7086
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2022-11-22T01:03:15.867188Z
- Details
-
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-7086
- https://github.com/webbynode/webbynode/pull/85
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89705
- https://github.com/advisories/GHSA-p65m-qr5x-rrqq
- https://github.com/webbynode/webbynode
- http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html
- http://osvdb.org/100920
- http://packetstormsecurity.com/files/124421
- http://seclists.org/oss-sec/2013/q4/493
- http://seclists.org/oss-sec/2013/q4/497
- http://www.securityfocus.com/bid/64289
- http://www.vapid.dhs.org/advisories/webbynode-command-inj.html
Affected packages
RubyGems / webbynode
webbynode
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.4.1
0.2.5.beta1
0.2.5.beta2
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.3.beta
1.0.3.beta1
1.0.3.beta4
1.0.4
1.0.4.2
1.0.4.3
1.0.4.beta3
1.0.4.beta4
1.0.5
1.0.5.1
1.0.5.2
1.0.5.3
1.0.5.beta10
1.0.5.beta2
1.0.5.beta3
1.0.5.beta4
1.0.5.beta5
1.0.5.beta6
1.0.5.beta7