{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-08T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"}, {"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"}, {"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Apr/243"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"}, {"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"}, {"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Apr/243"}, {"name": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html", "refsource": "MISC", "url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.159Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"}, {"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"}, {"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Apr/243"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2888", "datePublished": "2014-04-23T14:00:00", "dateReserved": "2014-04-17T00:00:00", "dateUpdated": "2024-08-06T10:28:46.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:herry:sfpagent:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "CF951D46-BF0B-40A1-8B9E-F4D2F618C93A", "versionEndIncluding": "0.4.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.0.1:*:*:*:*:ruby:*:*", "matchCriteriaId": "C53509B4-16E5-47E4-A097-8A79DCD52AFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.0:*:*:*:*:ruby:*:*", "matchCriteriaId": "5BE357DB-FC1B-4A58-9B2E-6B31C2BE6BA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.1:*:*:*:*:ruby:*:*", "matchCriteriaId": "DD0F6D51-6431-44FB-9F9E-B83B0338AD20", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.2:*:*:*:*:ruby:*:*", "matchCriteriaId": "7AA99F3D-E03D-4D42-847C-0679F4C67F17", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.3:*:*:*:*:ruby:*:*", "matchCriteriaId": "5BDB38BC-B869-43DA-84A7-6D131B194A12", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.4:*:*:*:*:ruby:*:*", "matchCriteriaId": "13201B95-819F-4B7D-88E2-4F825C6E8E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.5:*:*:*:*:ruby:*:*", "matchCriteriaId": "CF9BF2B5-8471-475C-B999-400C84221E2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.6:*:*:*:*:ruby:*:*", "matchCriteriaId": "2FCC9BAD-0B13-423C-9ECB-F3EAF76844A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.7:*:*:*:*:ruby:*:*", "matchCriteriaId": "A3EA2692-14AA-41FE-8AB7-B532D2CBFBB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.8:*:*:*:*:ruby:*:*", "matchCriteriaId": "7CDDB663-E630-4B70-8733-CBB3ABB48130", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.9:*:*:*:*:ruby:*:*", "matchCriteriaId": "8CC6193B-4BB0-4D7E-ACE7-55C640CF9A1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.10:*:*:*:*:ruby:*:*", "matchCriteriaId": "8DDF001C-C364-48FA-A989-E4C2397FA3CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.11:*:*:*:*:ruby:*:*", "matchCriteriaId": "550671DE-E1A5-40AC-9AD7-75A255933261", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.12:*:*:*:*:ruby:*:*", "matchCriteriaId": "A24807E4-1DD2-43EE-BE30-20C6649FD674", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.13:*:*:*:*:ruby:*:*", "matchCriteriaId": "A73DA277-6A35-4FCE-9B31-11671E7DB477", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.1.14:*:*:*:*:ruby:*:*", "matchCriteriaId": "8337E8C8-1CAB-45C1-9EB4-1C4443672DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.0:*:*:*:*:ruby:*:*", "matchCriteriaId": "C3CBD4AA-0282-4F58-8195-14B17B94549B", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.1:*:*:*:*:ruby:*:*", "matchCriteriaId": "C2504A5F-F57B-4CEA-9B7D-5C77FD016C04", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.2:*:*:*:*:ruby:*:*", "matchCriteriaId": "BD2FE4C1-58E8-4589-A07A-8B95810CE8AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.3:*:*:*:*:ruby:*:*", "matchCriteriaId": "4631B2C7-33F3-4145-A3F7-80EFB3047C39", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.4:*:*:*:*:ruby:*:*", "matchCriteriaId": "DA35B84A-D14C-4468-B84F-1E00AF83A0E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.5:*:*:*:*:ruby:*:*", "matchCriteriaId": "D047C5A3-D150-4DAA-B71E-D5893BBB1889", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.6:*:*:*:*:ruby:*:*", "matchCriteriaId": "EC2DC8BB-B71D-48C6-9CC3-EFD73CCDC67C", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.7:*:*:*:*:ruby:*:*", "matchCriteriaId": "F439D5E9-1D16-4D6B-A032-DAB6DC6C9BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.8:*:*:*:*:ruby:*:*", "matchCriteriaId": "BBE8A548-0F81-448D-9FE6-D45503EFE3BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.9:*:*:*:*:ruby:*:*", "matchCriteriaId": "5DE265F0-8639-4196-8AA7-FF918E237331", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.2.10:*:*:*:*:ruby:*:*", "matchCriteriaId": "2F208C46-A877-4770-AFE0-13A34A02276F", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.0:*:*:*:*:ruby:*:*", "matchCriteriaId": "04FA09F3-73CE-40F0-A518-07C19B1EBF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.1:*:*:*:*:ruby:*:*", "matchCriteriaId": "775DD4C0-1046-4C92-BE2D-C9243D9D1F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.2:*:*:*:*:ruby:*:*", "matchCriteriaId": "E1B2B8FF-8D7F-4F6E-8A5B-49A59AC1C2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.3:*:*:*:*:ruby:*:*", "matchCriteriaId": "B1EB8F2B-558C-43B0-9636-5B7142FE4F3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.4:*:*:*:*:ruby:*:*", "matchCriteriaId": "B092671D-D794-4B8A-8CAC-18FFD5D687D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.5:*:*:*:*:ruby:*:*", "matchCriteriaId": "1924BD77-60FC-4534-9182-0B8D0A315195", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.6:*:*:*:*:ruby:*:*", "matchCriteriaId": "022018AD-B4D2-47DA-A9DA-81BD767A0723", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.7:*:*:*:*:ruby:*:*", "matchCriteriaId": "CFE97D1C-3915-4051-ABCF-4930A3D5EEFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.8:*:*:*:*:ruby:*:*", "matchCriteriaId": "1EBCA3B0-0022-435B-972A-621CABAD9ACC", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.9:*:*:*:*:ruby:*:*", "matchCriteriaId": "4A8CB4F7-8D56-45C1-A7E5-7207697C560E", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.3.10:*:*:*:*:ruby:*:*", "matchCriteriaId": "2CBA3876-3F00-40DD-B5B5-D129A98EB1DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.0:*:*:*:*:ruby:*:*", "matchCriteriaId": "5068AD3E-40C0-4F6C-9B19-FBE4975CFAF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.1:*:*:*:*:ruby:*:*", "matchCriteriaId": "E03F8B0B-DA26-45D6-B6A6-EC6C55DEDF16", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.2:*:*:*:*:ruby:*:*", "matchCriteriaId": "8466046E-42F8-44EB-9536-3F060C782E61", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.3:*:*:*:*:ruby:*:*", "matchCriteriaId": "0357643C-7E86-45F5-8EC3-2EC324C5A698", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.4:*:*:*:*:ruby:*:*", "matchCriteriaId": "C6A08C79-1D3F-49B7-B75A-33F8E0F4FE62", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.5:*:*:*:*:ruby:*:*", "matchCriteriaId": "97ABFE90-415B-480F-9237-FC538BD37F0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.6:*:*:*:*:ruby:*:*", "matchCriteriaId": "E6E342E4-CAD0-47C8-9463-D095E43957A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.7:*:*:*:*:ruby:*:*", "matchCriteriaId": "C9D2C21C-7308-41CA-B596-6652A380120C", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.8:*:*:*:*:ruby:*:*", "matchCriteriaId": "80424A7C-0BCC-4BDE-A0E0-B302BA767F0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.9:*:*:*:*:ruby:*:*", "matchCriteriaId": "53D339AF-D6AE-445B-94DF-272B6A4F7F2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.10:*:*:*:*:ruby:*:*", "matchCriteriaId": "6A8326C2-CB37-45EC-95AF-82D2345BF262", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.11:*:*:*:*:ruby:*:*", "matchCriteriaId": "5ACA593D-CE0A-46F8-8A75-D3BBB3B4E787", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.12:*:*:*:*:ruby:*:*", "matchCriteriaId": "429C75FC-9EAD-42C6-88B7-47B96D6F5D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:herry:sfpagent:0.4.13:*:*:*:*:ruby:*:*", "matchCriteriaId": "925844ED-9071-4232-A866-0281144C6E1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request."}, {"lang": "es", "value": "lib/sfpagent/bsig.rb en la gema sfpagent anterior a 0.4.15 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el nombre de m\u00f3dulo en una solicitud JSON."}], "evaluatorComment": "Per: https://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "id": "CVE-2014-2888", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-23T15:55:04.860", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Apr/243"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Apr/243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}