Back to search
CVE-2015-5673
Published: Nov 4, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
JVNDB-2015-000175
third-party-advisory
x_refsource_JVNDB
https://github.com/isucon/isucon5-qualify/pull/5
x_refsource_CONFIRM
JVN#04281281
third-party-advisory
x_refsource_JVN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now