Skip to content

Webbynode Code Injection vulnerability

High severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Aug 29, 2023

Package

bundler webbynode (RubyGems)

Affected versions

<= 1.0.5.3

Patched versions

None

Description

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

References

Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Aug 29, 2023

Severity

High

Weaknesses

CVE ID

CVE-2013-7086

GHSA ID

GHSA-p65m-qr5x-rrqq

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.