RSS   Vulnerabilities for 'Gollum'   RSS

2017-10-17
 
CVE-2014-9489

 

 
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.

 
2015-10-05
 
CVE-2015-7314

 

 
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

 

 >>> Vendor: Gollum project 3 Products
Gollum
Gollum-lib
Grit adapter


Copyright 2024, cxsecurity.com

 

Back to Top