Sha256: c03ed12d3068d57705d76d931d818cd94e225ab09760394e49f8e3d86daf2e0d

Contents?: true

Size: 486 Bytes

Versions: 5

Compression:

Stored size: 486 Bytes

Contents

---
gem: sfpagent
cve: 2014-2888
osvdb: 105971
url: http://www.osvdb.org/show/osvdb/105971
title: sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
date: 2014-04-16
description: |
  sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body]
  input is not properly sanitized when handling module names with shell
  metacharacters. This may allow a context-dependent attacker to execute
  arbitrary commands.
cvss_v2: 7.5
patched_versions:
  - ">= 0.4.15"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml