ADVISORIES
- CVE-2014-2888 (NVD)
- GHSA-vm28-mrm7-fpjq
- OSVDB-105971
GEM
- sfpagent
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
- >= 0.4.15
DESCRIPTION
The sfpagent gem for Ruby contains a flaw: JSON[body] input is not properly sanitized when handling module names that contain shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
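The defensive pattern for this class of flaw, as an added example that is not sfpagent's own code or its actual patch: validate each module name against a strict allow-list, and pass it to any child process as a separate argv element so no shell parses it. The `{"modules": [...]}` body shape, the `MODULE_NAME` pattern and the helper names are assumptions made for illustration.

```ruby
require "json"
require "open3"
require "rbconfig"

# Assumed policy: a module name is a short identifier. The first character
# must be alphanumeric so a name can never be read as a command-line option.
# \A and \z (not ^ and $) anchor the whole string, so embedded newlines fail.
MODULE_NAME = /\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/

class InvalidModuleName < ArgumentError; end

# Parse a request body and return the module names only if all are valid.
# The {"modules": [...]} shape is constructed for this example.
def module_names_from(body)
  data = JSON.parse(body)
  names = data.is_a?(Hash) ? data["modules"] : nil
  raise InvalidModuleName, "modules must be an array" unless names.is_a?(Array)
  names.each do |n|
    unless n.is_a?(String) && MODULE_NAME.match?(n)
      raise InvalidModuleName, "rejected module name: #{n.inspect}"
    end
  end
  names
end

# Multi-argument form: the name is one argv element and no shell is involved.
# The child is a harmless stand-in that prints its first argument back.
def run_without_shell(name)
  out, status = Open3.capture2(RbConfig.ruby, "-e", "print ARGV[0]", name)
  raise "child process failed" unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  good = '{"modules": ["apache", "mysql-server"]}' # constructed sample
  bad  = '{"modules": ["apache;echo x"]}'          # constructed sample
  p module_names_from(good)
  begin
    module_names_from(bad)
  rescue InvalidModuleName => e
    puts e.message
  end
  # Metacharacters arrive in the child as literal text, not shell syntax.
  p run_without_shell("a; b $(c)")
end
```

Either control on its own narrows the exposure; using both means a validation gap does not immediately become command execution.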