CVE-2013-4489

Description

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

EPSS Score

Exploitation Probability

0.202

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2013-4489 are fixed in Ruby-gitlab-grit 2.6.1	Windows
Vulnerabilities CVE-2013-4489 are fixed in Ruby-gitlab-grit for Linux 2.6.1	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234