gsd-2014-9489
Vulnerability from gsd
Modified
2014-12-04 00:00
Details
The gollum-grit_adapter gem contains a flaw that can allow arbitrary
command execution.
Grit implements its search functionality by shelling out to `git grep`. In
turn, `git grep` takes a `-O` or `--open-files-in-pages` option that will
pipe the results of `grep` to an arbitrary process. By failing to properly
sanitize user input search parameters, an attacker can thus perform command
execution.
Note that the grep result must find the string 'master' (or
whatever is the default branch that gollum uses) in any of the wiki's
documents for this to succeed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-9489",
"description": "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.",
"id": "GSD-2014-9489"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "gollum-grit_adapter",
"purl": "pkg:gem/gollum-grit_adapter"
}
}
],
"aliases": [
"CVE-2014-9489"
],
"details": "The gollum-grit_adapter gem contains a flaw that can allow arbitrary\ncommand execution.\n\nGrit implements its search functionality by shelling out to `git grep`. In\nturn, `git grep` takes a `-O` or `--open-files-in-pages` option that will\npipe the results of `grep` to an arbitrary process. By failing to properly\nsanitize user input search parameters, an attacker can thus perform command\nexecution.\n\nNote that the grep result must find the string \u0027master\u0027 (or\nwhatever is the default branch that gollum uses) in any of the wiki\u0027s\ndocuments for this to succeed.\n",
"id": "GSD-2014-9489",
"modified": "2014-12-04T00:00:00.000Z",
"published": "2014-12-04T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gollum/gollum/issues/913"
}
],
"schema_version": "1.4.0",
"summary": "gollum-grit_adapter Search Functionality Allows Arbitrary Command\nExecution\n"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150103 Re: Re: CVE request: remote code execution vulnerability in gollum \u003c 3.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/19"
},
{
"name": "71499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71499"
},
{
"name": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7",
"refsource": "CONFIRM",
"url": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7"
},
{
"name": "https://github.com/gollum/gollum/issues/913",
"refsource": "CONFIRM",
"url": "https://github.com/gollum/gollum/issues/913"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-9489",
"date": "2014-12-04",
"description": "The gollum-grit_adapter gem contains a flaw that can allow arbitrary\ncommand execution.\n\nGrit implements its search functionality by shelling out to `git grep`. In\nturn, `git grep` takes a `-O` or `--open-files-in-pages` option that will\npipe the results of `grep` to an arbitrary process. By failing to properly\nsanitize user input search parameters, an attacker can thus perform command\nexecution.\n\nNote that the grep result must find the string \u0027master\u0027 (or\nwhatever is the default branch that gollum uses) in any of the wiki\u0027s\ndocuments for this to succeed.\n",
"gem": "gollum-grit_adapter",
"patched_versions": [
"\u003e= 0.1.1"
],
"title": "gollum-grit_adapter Search Functionality Allows Arbitrary Command\nExecution\n",
"url": "https://github.com/gollum/gollum/issues/913"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.1.1",
"affected_versions": "All versions before 0.1.1",
"credit": "Dawa Ometto\r\n",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2017-11-08",
"description": "In vulnerable versions of the gem, searching for the string `-O\u003carbitrary command\u003e` or `--open-files-in-pager \u003carbritary command\u003e` in the wiki\u0027s search field will execute an arbitrary shell command. However, this will only work if the string \"master\" (or more precisely, the name of the git branch that gollum is using) is found in one of the wiki\u0027s files: \"master\" is then interpreted as the search query, `-O\u003carbitary code\u003e` as a command line option to `git grep`.",
"fixed_versions": [
"0.1.1"
],
"identifier": "CVE-2014-9489",
"identifiers": [
"CVE-2014-9489"
],
"not_impacted": "All versions starting from 0.1.1",
"package_slug": "gem/gollum-grit_adapter",
"pubdate": "2017-10-17",
"solution": "Upgrade to version 0.1.1 or above.",
"title": "Remote Code Execution",
"urls": [
"https://github.com/gollum/gollum/issues/913",
"https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7"
],
"uuid": "57fae773-f9b8-45dd-94a0-f59c019d8561"
},
{
"affected_range": "\u003c4.0.1",
"affected_versions": "All versions before 4.0.1",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-78",
"CWE-937"
],
"date": "2021-09-16",
"description": "The gollum-grit_adapter Ruby gem dependency in gollum and the gollum-lib gem dependency in gollum-lib when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.",
"fixed_versions": [
"4.0.1"
],
"identifier": "CVE-2014-9489",
"identifiers": [
"GHSA-q97v-764g-r2rp",
"CVE-2014-9489"
],
"not_impacted": "All versions starting from 4.0.1",
"package_slug": "gem/gollum-lib",
"pubdate": "2017-11-16",
"solution": "Upgrade to version 4.0.1 or above.",
"title": "Improper Access Control",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-9489",
"https://github.com/gollum/gollum/issues/913",
"https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7",
"https://github.com/advisories/GHSA-q97v-764g-r2rp",
"http://www.openwall.com/lists/oss-security/2015/01/03/19",
"http://www.securityfocus.com/bid/71499"
],
"uuid": "6e8e94e3-cab7-4ce3-8630-028885fbc74f"
},
{
"affected_range": "\u003c3.1.1",
"affected_versions": "All versions before 3.1.1",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-78",
"CWE-937"
],
"date": "2021-09-16",
"description": "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.",
"fixed_versions": [
"3.1.1"
],
"identifier": "CVE-2014-9489",
"identifiers": [
"GHSA-q97v-764g-r2rp",
"CVE-2014-9489"
],
"not_impacted": "All versions starting from 3.1.1",
"package_slug": "gem/gollum",
"pubdate": "2017-11-16",
"solution": "Upgrade to version 3.1.1 or above.",
"title": "Improper Access Control",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-9489",
"https://github.com/gollum/gollum/issues/913",
"https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7",
"https://github.com/advisories/GHSA-q97v-764g-r2rp",
"http://www.openwall.com/lists/oss-security/2015/01/03/19",
"http://www.securityfocus.com/bid/71499"
],
"uuid": "9bba8de0-ef8f-4656-8aa9-c7ab773d3a84"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gollum_project:grit_adapter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gollum_project:gollum-lib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gollum_project:gollum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9489"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string \"master\" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7"
},
{
"name": "https://github.com/gollum/gollum/issues/913",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/gollum/gollum/issues/913"
},
{
"name": "71499",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71499"
},
{
"name": "[oss-security] 20150103 Re: Re: CVE request: remote code execution vulnerability in gollum \u003c 3.1.1",
"refsource": "MLIST",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/19"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-11-08T16:20Z",
"publishedDate": "2017-10-17T14:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…