Lucene search
GitHub Advisory DatabaseGHSA-M6F7-46HW-GRCJHistoryOct 24, 2017 - 6:33 p.m.
Creme Fraiche contains OS Command Injection
2017-10-2418:33:37
CWE-78
GitHub Advisory Database
github.com
10
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.014
Percentile
86.5%
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
cremefraicheRange<0.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | cremefraiche | * | cpe:2.3:a:*:cremefraiche:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2013-2090
2014-05-27 15:00:00
cvelist
cvelist
CVE-2013-2090
2014-05-27 15:00:00
rubygems
rubygems
packetstorm
packetstorm
Ruby Gem Creme Fraiche 0.6 Command Injection
2013-05-14 00:00:00
osv
osv
Creme Fraiche contains OS Command Injection
2017-10-24 18:33:37
prion
prion
Information disclosure
2014-05-27 14:55:00
nvd
nvd
CVE-2013-2090
2014-05-27 14:55:06
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.014
Percentile
86.5%
Related for GHSA-M6F7-46HW-GRCJ