Description
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
References (4)
Core References
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/04/16/1
Exploit (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/04/18/4
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/Apr/243
Exploit (x_refsource_misc): http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html
Scores
EPSS: 0.0073
EPSS Percentile: 73.0%
Details
Status: published
Products (50)
herry/sfpagent 0.0.1
herry/sfpagent 0.1.0
herry/sfpagent 0.1.1
herry/sfpagent 0.1.2
herry/sfpagent 0.1.3
herry/sfpagent 0.1.4
herry/sfpagent 0.1.5
herry/sfpagent 0.1.6
herry/sfpagent 0.1.7
herry/sfpagent 0.1.8
... and 40 more
Published: Apr 23, 2014
Tracked Since: Feb 18, 2026