CVE-2014-10075: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The karo gem for Ruby allows remote command injection via the host field.
References
- www.vapid.dhs.org/advisories/karo-2.3.8.html
- www.vapidlabs.com/advisory.php?v=63
- github.com/advisories/GHSA-qfwq-chf4-jvwg
- github.com/rahult/karo/blob/master/lib/karo/db.rb
- github.com/rubysec/ruby-advisory-db/blob/master/gems/karo/CVE-2014-10075.yml
- nvd.nist.gov/vuln/detail/CVE-2014-10075