---
gem: sfpagent
cve: 2014-2888
osvdb: 105971
url: https://nvd.nist.gov/vuln/detail/CVE-2014-2888
title: sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
date: 2014-04-16
description: |
  sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body]
  input is not properly sanitized when handling module names with shell
  metacharacters. This may allow a context-dependent attacker to execute
  arbitrary commands.
cvss_v2: 7.5
patched_versions:
  - ">= 0.4.15"