Lucene search

[email protected]CVE-2013-1898

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1898

2022-10-0316:14:46

CWE-94

[email protected]

web.nvd.nist.gov

cve

2013

1898

ruby

gem

thumbshooter

remote

command execution

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Affected configurations

NVD

Node

digineothumbshooterMatch0.1.5

CPENameOperatorVersion
digineo:thumbshooterdigineo thumbshootereq0.1.5

CPE	Name	Operator	Version
digineo:thumbshooter	digineo thumbshooter	eq	0.1.5

References

osvdb.org/91839

seclists.org/fulldisclosure/2013/Mar/218

vapid.dhs.org/advisories/thumbshooter-ruby-gem-remoteexec.html

www.openwall.com/lists/oss-security/2013/03/26/13

www.openwall.com/lists/oss-security/2013/03/26/3

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2013-1898

osv1 prion1 github1 nvd1 cvelist1