CVE-2014-0156: OS command injection flaw in awesome_spawn

March 28, 2014

Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input is included in command arguments, an attacker could use this flaw to execute arbitrary commands.

References

github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff
github.com/rubysec/ruby-advisory-db/blob/master/gems/awesome_spawn/CVE-2014-0156.yml

Code Behaviors & Features

Detect and mitigate CVE-2014-0156 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →