Arbitrary Command Execution via Shell Metacharacters in Webbynode Gem's Notify Function
CVE-2013-7086 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
Learn more about our Web App Pen Testing.