Lucene search
HistoryApr 23, 2014 - 3:55 p.m.
CVE-2014-2888
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
90.0%
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
Affected configurations
Node
herrysfpagentRange≤0.4.14ruby
ORherrysfpagentMatch0.0.1ruby
ORherrysfpagentMatch0.1.0ruby
ORherrysfpagentMatch0.1.1ruby
ORherrysfpagentMatch0.1.2ruby
ORherrysfpagentMatch0.1.3ruby
ORherrysfpagentMatch0.1.4ruby
ORherrysfpagentMatch0.1.5ruby
ORherrysfpagentMatch0.1.6ruby
ORherrysfpagentMatch0.1.7ruby
ORherrysfpagentMatch0.1.8ruby
ORherrysfpagentMatch0.1.9ruby
ORherrysfpagentMatch0.1.10ruby
ORherrysfpagentMatch0.1.11ruby
ORherrysfpagentMatch0.1.12ruby
ORherrysfpagentMatch0.1.13ruby
ORherrysfpagentMatch0.1.14ruby
ORherrysfpagentMatch0.2.0ruby
ORherrysfpagentMatch0.2.1ruby
ORherrysfpagentMatch0.2.2ruby
ORherrysfpagentMatch0.2.3ruby
ORherrysfpagentMatch0.2.4ruby
ORherrysfpagentMatch0.2.5ruby
ORherrysfpagentMatch0.2.6ruby
ORherrysfpagentMatch0.2.7ruby
ORherrysfpagentMatch0.2.8ruby
ORherrysfpagentMatch0.2.9ruby
ORherrysfpagentMatch0.2.10ruby
ORherrysfpagentMatch0.3.0ruby
ORherrysfpagentMatch0.3.1ruby
ORherrysfpagentMatch0.3.2ruby
ORherrysfpagentMatch0.3.3ruby
ORherrysfpagentMatch0.3.4ruby
ORherrysfpagentMatch0.3.5ruby
ORherrysfpagentMatch0.3.6ruby
ORherrysfpagentMatch0.3.7ruby
ORherrysfpagentMatch0.3.8ruby
ORherrysfpagentMatch0.3.9ruby
ORherrysfpagentMatch0.3.10ruby
ORherrysfpagentMatch0.4.0ruby
ORherrysfpagentMatch0.4.1ruby
ORherrysfpagentMatch0.4.2ruby
ORherrysfpagentMatch0.4.3ruby
ORherrysfpagentMatch0.4.4ruby
ORherrysfpagentMatch0.4.5ruby
ORherrysfpagentMatch0.4.6ruby
ORherrysfpagentMatch0.4.7ruby
ORherrysfpagentMatch0.4.8ruby
ORherrysfpagentMatch0.4.9ruby
ORherrysfpagentMatch0.4.10ruby
ORherrysfpagentMatch0.4.11ruby
ORherrysfpagentMatch0.4.12ruby
ORherrysfpagentMatch0.4.13ruby
Related
packetstorm
packetstorm
Ruby Gem sfpagent 0.4.14 Command Injection
2014-04-18 00:00:00
cvelist
cvelist
CVE-2014-2888
2014-04-23 14:00:00
osv
osv
sfpagent Command Injection vulnerability
2017-10-24 18:33:36
zdt
zdt
Ruby Gem sfpagent 0.4.14 Command Injection Vulnerability
2014-04-19 00:00:00
prion
prion
Design/Logic Flaw
2014-04-23 15:55:00
github
github
sfpagent Command Injection vulnerability
2017-10-24 18:33:36
cve
cve
CVE-2014-2888
2014-04-23 15:55:04
securityvulns
securityvulns
Different Ruby gems security vulnerabilities
2014-05-04 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
90.0%
Related for NVD:CVE-2014-2888