NVD

Id
41900  
Name
CVE-2013-7086  
Description
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-12-18  
Modified Date
2013-12-19  
Seq
2013-7086  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
211547 41900 CVE-2013-7086 20131214 Command injection in Ruby Gem Webbynode 1.0.5.3  View
211548 41900 CVE-2013-7086 http://packetstormsecurity.com/files/124421  View
211549 41900 CVE-2013-7086 [oss-security] 20131212 Command injection in Ruby Gem Webbynode 1.0.5.3  View
211550 41900 CVE-2013-7086 [oss-security] 20131212 Re: Command injection in Ruby Gem Webbynode 1.0.5.3  View
211551 41900 CVE-2013-7086 64289  View
211552 41900 CVE-2013-7086 http://www.vapid.dhs.org/advisories/webbynode-command-inj.html  View
211553 41900 CVE-2013-7086 webbynode-cve20137086-command-exec(89705)  View
211554 41900 CVE-2013-7086 https://github.com/webbynode/webbynode/pull/85  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24045 JVNDB-2013-005620 Ruby 用 Webbynode gem における任意のコマンドを実行される脆弱性 Ruby 用 Webbynode gem の lib/webbynode/notify.rb 内の message 関数には、任意のコマンドを実行される脆弱性が存在します。 CVE-2013-7086 67028 CVE-2013-7086 41900 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005620.html 2013-11-11 2013-12-20 View