GHSA-qfwq-chf4-jvwg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qfwq-chf4-jvwg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfwq-chf4-jvwg/GHSA-qfwq-chf4-jvwg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qfwq-chf4-jvwg
- Aliases
-
- CVE-2014-10075
- Published
- 2022-05-14T01:49:44Z
- Modified
- 2023-11-08T03:57:33.837325Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- karo Metacharacter Handling Remote Command Execution
- Details
-
The karo gem through 2.5.2 for Ruby allows Remote command injection via the host field.
A flaw in
db.rbis triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.In particular lines 76 and 95 (as of
2014-06-01) pass unsanitized user supplied input to the command line.73- host = "{@configuration["user"]}@{@configuration["host"]}" 74- cmd = "ssh #{host} cat {server_db_config_file}" 75- 76: server_db_config_output = `{cmd}` 79- -- 89- def drop_and_create_local_database(local_db_config) 90- command = case local_db_config["adapter"] 91- when "mysql2" 93- when "postgresql" 95- dropdb -h #{local_db_config["host"]} -U #{local_db_config["username"]} --if-exists #{local_db_config["database"]}If this gem is used in the context of a rails application malicious input could lead to remote command injection. As of version 2.5.2 the affected code lines have not changed.
- Database specific
{ "nvd_published_at": "2018-10-05T06:29:00Z", "github_reviewed_at": "2023-03-29T20:26:16Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-77" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-10075
- https://github.com/rahult/karo
- https://github.com/rahult/karo/blob/master/lib/karo/db.rb#L76
- https://github.com/rahult/karo/blob/master/lib/karo/db.rb#L95
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/karo/CVE-2014-10075.yml
- http://www.vapid.dhs.org/advisories/karo-2.3.8.html
- http://www.vapidlabs.com/advisory.php?v=63
Affected packages
RubyGems / karo
Package
- Name
- karo
- Purl
- pkg:gem/karo