GHSA-qpqw-mc85-qvm9

Source

https://github.com/advisories/GHSA-qpqw-mc85-qvm9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-qpqw-mc85-qvm9/GHSA-qpqw-mc85-qvm9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qpqw-mc85-qvm9

Aliases

CVE-2014-0156

Published

2022-07-01T00:01:04Z

Modified

2024-02-18T05:31:15.848772Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

OS Command Injection in awesome spawn

Details

Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

Database specific

{
    "nvd_published_at": "2022-06-30T21:15:00Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-21T20:25:02Z"
}

References

Affected packages

RubyGems / awesome_spawn

Package

Name: awesome_spawn
Purl: pkg:gem/awesome_spawn

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0

Affected versions

1.*

1.0.0

1.1.0

1.1.1