CVE-2014-0156 – awesome_spawn

Package

Manager: gem
Name: awesome_spawn
Vulnerable Version: >=0 <1.2.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02745 pctl0.85431

Details

OS Command Injection in awesome spawn Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

Metadata

Created: 2022-07-01T00:01:04Z
Modified: 2023-01-24T16:38:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-qpqw-mc85-qvm9/GHSA-qpqw-mc85-qvm9.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-qpqw-mc85-qvm9
Finding: F404
Auto approve: 1