Sha256: c75b7860af35acc0f15d67e900679cf6829ba77c94a9d9efc69c9379d1b0473e

Contents?: true

Size: 494 Bytes

Versions: 1

Compression:

Stored size: 494 Bytes

Contents

---
gem: sfpagent
cve: 2014-2888
osvdb: 105971
url: https://nvd.nist.gov/vuln/detail/CVE-2014-2888
title: sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
date: 2014-04-16
description: |
  sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body]
  input is not properly sanitized when handling module names with shell
  metacharacters. This may allow a context-dependent attacker to execute
  arbitrary commands.
cvss_v2: 7.5
patched_versions:
  - ">= 0.4.15"

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/sfpagent/CVE-2014-2888.yml