High severityNVD Advisory· Published Dec 19, 2013· Updated Apr 29, 2026
CVE-2013-7086
CVE-2013-7086
Description
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
webbynodeRubyGems | <= 1.0.5.3 | — |
Affected products
4cpe:2.3:a:webbynode:webbynode:*:-:-:*:-:ruby:*:*+ 3 more
- cpe:2.3:a:webbynode:webbynode:*:-:-:*:-:ruby:*:*range: <=1.0.5.3
- cpe:2.3:a:webbynode:webbynode:1.0.5:-:-:*:-:ruby:*:*
- cpe:2.3:a:webbynode:webbynode:1.0.5.1:-:-:*:-:ruby:*:*
- cpe:2.3:a:webbynode:webbynode:1.0.5.2:-:-:*:-:ruby:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- archives.neohapsis.com/archives/bugtraq/2013-12/0079.htmlnvdExploit
- packetstormsecurity.com/files/124421nvdExploitWEB
- seclists.org/oss-sec/2013/q4/493nvdExploitWEB
- seclists.org/oss-sec/2013/q4/497nvdExploitWEB
- www.vapid.dhs.org/advisories/webbynode-command-inj.htmlnvdExploit
- github.com/advisories/GHSA-p65m-qr5x-rrqqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-7086ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/89705nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/webbynode/CVE-2013-7086.ymlghsaWEB
- github.com/webbynode/webbynode/pull/85nvdWEB
- web.archive.org/web/20200229074410/http://www.securityfocus.com/bid/64289ghsaWEB
- web.archive.org/web/20201208124343/http://www.vapid.dhs.org/advisories/webbynode-command-inj.htmlghsaWEB
- osvdb.org/100920nvd
- www.securityfocus.com/bid/64289nvd
News mentions
0No linked articles in our index yet.