CVE-2013-7086

Published: Dec 19, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

Affected (4)

Products: Webbynode: Webbynode

Webbynode

1 product

Webbynode

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Webbynode Webbynode	Up to 1.0.5.3
Webbynode Webbynode	Version 1.0.5.1
Webbynode Webbynode	Version 1.0.5.2
Webbynode Webbynode	Version 1.0.5

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html

Source: cve@mitre.org

Exploit

http://osvdb.org/100920

Source: cve@mitre.org

http://packetstormsecurity.com/files/124421

Source: cve@mitre.org

Exploit

http://seclists.org/oss-sec/2013/q4/493

Source: cve@mitre.org

Exploit

http://seclists.org/oss-sec/2013/q4/497

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/64289

Source: cve@mitre.org

http://www.vapid.dhs.org/advisories/webbynode-command-inj.html

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/89705

Source: cve@mitre.org

https://github.com/webbynode/webbynode/pull/85

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2013-12/0079.html