CVE-2015-5673

ISUCON5 eventapp gcloud - HTTP Request Command Execution


Description

eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.

References (4)

Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000175
Issue Tracking x_refsource_confirm
https://github.com/isucon/isucon5-qualify/pull/5
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN04281281/index.html

Scores

EPSS 0.0245
EPSS Percentile 82.4%

Details

CWE: CWE-78
Status: published
Products (1): isucon/isucon_5_qualifier_eventapp
Published: Nov 04, 2015
Tracked Since: Feb 18, 2026