ADVISORIES
- CVE-2013-4489 (NVD)
- GHSA-95xq-v4m2-fq3r
- OSVDB-99370
GEM
PATCHED VERSIONS
- >= 2.6.1
DESCRIPTION
GitLab Grit Gem for Ruby contains a flaw in the app/contexts/search_context.rb script. The issue is triggered when input passed via the code search box is not properly sanitized, which allows strings to be evaluated by the Bourne shell. This may allow a remote attacker to execute arbitrary commands.