OS Command Injection in awesome spawn

GHSA-qpqw-mc85-qvm9 · CVE-2014-0156

Published Jul 1, 2022 · Modified Feb 18, 2024

Description

Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0156
WEB https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff
PACKAGE https://github.com/ManageIQ/awesome_spawn
WEB https://rubysec.com/advisories/CVE-2014-0156

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes