rubygem-openshift-origin-node is vulnerable to arbitrary code execution attacks. The vulnerability exists as Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
rhn.redhat.com/errata/RHSA-2014-0529.html
rhn.redhat.com/errata/RHSA-2014-0530.html
access.redhat.com/errata/RHSA-2014:0529
access.redhat.com/errata/RHSA-2014:0530
access.redhat.com/security/cve/CVE-2014-0233
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1096955
rhn.redhat.com/errata/RHSA-2014-0530.html