RSS   Vulnerabilities for 'Isucon 5 qualifier eventapp'   RSS

2015-11-03
 
CVE-2015-5673

 

 
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.

 


Copyright 2024, cxsecurity.com

 

Back to Top