Sha256: dce8436ce4c6b2cfea7a5bc16d83bf123819300ff8a1e8dcdafc720cd9165a40

Contents?: true

Size: 529 Bytes

Versions: 6

Compression:

Stored size: 529 Bytes

Contents

---
gem: kompanee-recipes
osvdb: 108593
url: http://osvdb.org/show/osvdb/108593
title: kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness
date: 2014-06-30
description: |
  kompanee-recipes Gem for Ruby contains a flaw in
  /lib/kompanee-recipes/heroku.rb that is triggered when handling shell
  metacharacters passed via the 'password', 'user', 'deploy_name', and
  'application' variables. This may allow a remote attacker to execute
  arbitrary commands.

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml