Description
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
References (9)
Core 9
Core References
Issue Tracking x_refsource_misc
https://github.com/webbynode/webbynode/pull/85
Exploit x_refsource_misc
http://www.vapid.dhs.org/advisories/webbynode-command-inj.html
Exploit mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/493
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124421
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89705
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100920
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64289
Exploit mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/497
Scores
EPSS
0.0207
EPSS Percentile
84.2%
Details
CWE
CWE-94
Status
published
Products (5)
rubygems/webbynode
0RubyGems
webbynode/webbynode
1.0.5
webbynode/webbynode
1.0.5.1
webbynode/webbynode
1.0.5.2
webbynode/webbynode
< 1.0.5.3
Published
Dec 19, 2013
Tracked Since
Feb 18, 2026