karo 2.3.5
1 security vulnerability
found in version
2.3.5
karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution
critical severity CVE-2014-10075
critical severity
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.
karo Gem for Ruby contains a flaw in db.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
-
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
-
Severity: CRITICAL - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.