NVD

Id
40503  
Name
CVE-2013-5036  
Description
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-05-27  
Modified Date
2014-05-28  
Seq
2013-5036  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
205474 40503 CVE-2013-5036 http://ceriksen.com/2013/08/06/squash-remote-code-execution-vulnerability-advisory/  View
205475 40503 CVE-2013-5036 27530  View
205476 40503 CVE-2013-5036 squash-yaml-code-execution(86335)  View
205477 40503 CVE-2013-5036 https://github.com/SquareSquash/web/commit/6d667c19e96e4f23dccbfbe24afeebd18e98e1c5  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24952 JVNDB-2013-006527 Square Squash における任意のコードを実行される脆弱性 Square Squash には、任意のコードを実行される脆弱性が存在します。 CVE-2013-5036 64978 CVE-2013-5036 40503 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-006527.html 2013-06-25 2014-05-29 View