rubygem-openshift-origin-node is vulnerable to remote code execution. A remote authenticated user is permitted to install cartridges via the web interface, which would allow a remote attacker to abuse the application behavior to execute arbitrary code on the system with root
privileges.
rhn.redhat.com/errata/RHSA-2014-0762.html
rhn.redhat.com/errata/RHSA-2014-0763.html
rhn.redhat.com/errata/RHSA-2014-0764.html
secunia.com/advisories/59298
access.redhat.com/errata/RHSA-2014:0762
access.redhat.com/errata/RHSA-2014:0763
access.redhat.com/errata/RHSA-2014:0764
access.redhat.com/security/cve/CVE-2014-3496
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=1110470
github.com/openshift/origin-server/pull/5521
rhn.redhat.com/errata/RHSA-2014-0762.html