CVE-2014-9489

Published: Oct 17, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.

Affected (3)

Products: Gollum Project: Gollum, Gollum Lib, Grit Adapter

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gollum Project Gollum	Up to 3.1.0
Gollum Project Gollum Lib	Up to 4.0.0
Gollum Project Grit Adapter	Up to 0.1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.openwall.com/lists/oss-security/2015/01/03/19

Source: cve@mitre.org

Issue TrackingMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/71499

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/gollum/gollum/issues/913

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/01/03/19

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/71499

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/gollum/gollum/issues/913

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.