10

CVE-2014-3496

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

Data is provided by the National Vulnerability Database (NVD)
RedhatOpenshift Version1.2.8 SwEditionenterprise
RedhatOpenshift Version2.0
RedhatOpenshift Version2.0.1 Editionenterprise
RedhatOpenshift Version2.0.2 Editionenterprise
RedhatOpenshift Version2.0.3 Editionenterprise
RedhatOpenshift Version2.0.4 Editionenterprise
RedhatOpenshift Version2.0.5 Editionenterprise
RedhatOpenshift Version2.0.6 SwEditionenterprise
RedhatOpenshift Version2.1 SwEditionenterprise
RedhatOpenshift Version2.1.1 SwEditionenterprise
RedhatOpenshift Origin Version1.2.8
RedhatOpenshift Origin Version2.1
RedhatOpenshift Origin Version2.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.74% 0.895
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.