Sha256: 35c583b61e4d73850e3ff76609d68164a1f2594851ffd0850df1d994653498f3

Contents?: true

Size: 616 Bytes

Versions: 6

Compression:

Stored size: 616 Bytes

Contents

---
gem: awesome_spawn
cve: 2014-0156
url: https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff
title: OS command injection flaw in awesome_spawn
date: 2014-03-28

description: >-
  Awesome spawn contains an OS command injection vulnerability, which allows
  execution of additional commands passed to Awesome spawn as arguments, e.g.
  AwesomeSpawn.run('ls',:params => {'-l' => ";touch haxored"}). If untrusted
  input was included in command arguments, an attacker could use this flaw to
  execute arbitrary commands.
  
cvss_v2:  6.8

patched_versions:
  - "~> 1.2.0"
  - ">= 1.3.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml