ADVISORIES

• OSVDB-108593
• Vendor Advisory

GEM

kompanee-recipes

PATCHED VERSIONS

None.

DESCRIPTION

kompanee-recipes Gem for Ruby contains a flaw in /lib/kompanee-recipes/heroku.rb that is triggered when handling shell metacharacters passed via the ‘password’, ‘user’, ‘deploy_name’, and ‘application’ variables. This may allow a remote attacker to execute arbitrary commands.

RELATED

• https://www.openwall.com/lists/oss-security/2014/07/07/17
• https://seclists.org/oss-sec/2014/q3/162
• https://www.mend.io/vulnerability-database/WS-2014-0025
• https://security.snyk.io/vuln/SNYK-RUBY-KOMPANEERECIPES-20177
• http://www.vapid.dhs.org/advisories/kompanee-recipes-0.1.4.html
• http://www.vapidlabs.com/advisory.php?v=67
• http://osvdb.org/show/osvdb/108593