Arbitrary Command Execution via Shell Metacharacters in Webbynode Gem's Notify Function

Arbitrary Command Execution via Shell Metacharacters in Webbynode Gem's Notify Function

CVE-2013-7086 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

Learn more about our Web App Pen Testing.