9.3
CVE-2013-2090
- EPSS 1.45%
- Veröffentlicht 27.05.2014 14:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uplawski ≫ Creme Fraiche SwPlatformruby Version <= 0.6
Uplawski ≫ Creme Fraiche Version0.4.5 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.4.5.1 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.4.5.2 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.4.5.4 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.4.5.5 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.4.5.6 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.5 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.5.1 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.5.2 SwPlatformruby
Uplawski ≫ Creme Fraiche Version0.5.3 SwPlatformruby
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.45% | 0.801 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.