High severity 8.8 · NVD Advisory · Published Oct 17, 2017 · Updated Jun 17, 2026
CVE-2014-9489
Description
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1, when the string "master" is in any of the wiki documents, allow remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gollum (RubyGems) | < 3.1.1 | 3.1.1 |
| gollum-lib (RubyGems) | < 4.0.1 | 4.0.1 |
Affected products (5)
- ghsa-coords, 2 versions: < 3.1.1 + 1 more
- (no CPE) range: < 3.1.1
- (no CPE) range: < 4.0.1
References (7)
- www.openwall.com/lists/oss-security/2015/01/03/19 [nvd: Issue Tracking, Mailing List, Patch, Third Party Advisory, WEB]
- github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7 [nvd: Issue Tracking, Patch, Third Party Advisory, WEB]
- www.securityfocus.com/bid/71499 [nvd: Third Party Advisory, VDB Entry]
- github.com/advisories/GHSA-q97v-764g-r2rp [ghsa: ADVISORY]
- github.com/gollum/gollum/issues/913 [nvd: Issue Tracking, Third Party Advisory, WEB]
- nvd.nist.gov/vuln/detail/CVE-2014-9489 [ghsa: ADVISORY]
- web.archive.org/web/20200229041306/http://www.securityfocus.com/bid/71499 [ghsa: WEB]