/
CVE-2014-10075.yml
33 lines (30 loc) · 1.1 KB
/
CVE-2014-10075.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
gem: karo
library: rubygems
framework: rubygems
platform: rubygems
cve: 2014-10075
osvdb: 108573
ghsa: qfwq-chf4-jvwg
url: https://nvd.nist.gov/vuln/detail/CVE-2014-10075
title: karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution
date: 2014-06-30
description: |
The karo gem 2.3.8 for Ruby allows Remote command injection via
the host field.
karo Gem for Ruby contains a flaw in db.rb that is triggered when handling
metacharacters. This may allow a remote attacker to execute arbitrary
commands.
* CWE-77 - Improper Neutralization of Special Elements used
in a Command ('Command Injection')
* Severity: CRITICAL - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss_v3: 9.8
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2014-10075
- http://www.vapid.dhs.org/advisories/karo-2.3.8.html
- http://www.vapidlabs.com/advisory.php?v=63
- http://osvdb.org/show/osvdb/108573
- https://github.com/advisories/GHSA-qf67-vmxx-gp4jGHSA-qfwq-chf4-jvwg.json
- https://github.com/rahult/karo
- https://github.com/rahult/karo/blob/master/CHANGELOG.md