CVE-2014-0156
CRITICALManageIQ Awesome Spawn 1.2.0-1.4.9 and Rubygems Awesome Spawn <1.2.0 - OS Command Injection via Command Arguments
Title source: llmDescription
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://rubysec.com/advisories/CVE-2014-0156/
Patch, Third Party Advisory x_refsource_misc
https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff
Scores
CVSS v3
9.8
EPSS
0.0137
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
manageiq/awesomespawn
1.2.0 - 1.5.0
rubygems/awesome_spawn
0 - 1.2.0RubyGems
Published
Jun 30, 2022
Tracked Since
Feb 18, 2026