CVE-2013-5036

Square Squash - RCE

Title source: llm

Description

The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/27530

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Charlie Eriksen · rubypocruby

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/squash_yaml_exec.rb

View Code ZIP pw:eip

References (5)

[Various Sources] http://ceriksen.com/2013/08/06/squash-remote-code-execution-vulnerability-advisory/

[Third Party Advisory, VDB Entry] http://osvdb.org/95992

[Exploit] http://www.exploit-db.com/exploits/27530

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/86335

[Exploit, Patch] https://github.com/SquareSquash/web/commit/6d667c19e96e4f23dccbfbe24afeebd18e98e1c5

Scores

EPSS 0.8050

EPSS Percentile 99.1%

Details

CWE

CWE-94

Status published

Products (1)

squash/square_squash

Published May 27, 2014

Tracked Since Feb 18, 2026