CVE-2014-0156
published 2022-06-30CVE-2014-0156: Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.88%
85.1th percentile
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageiq | awesomespawn | >= 1.2.0 < 1.5.0 | 1.5.0 |
Detection & IOCsextracted from sources · hover to see the quote
- ·Package cfme-gemset (CloudForms Management Engine 5) is explicitly listed as Not affected by this vulnerability. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
OS Command Injection in awesome spawn
osv·2022-07-01
CVE-2014-0156 [CRITICAL] OS Command Injection in awesome spawn
OS Command Injection in awesome spawn
Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
GHSA
OS Command Injection in awesome spawn
ghsa·2022-07-01
CVE-2014-0156 [CRITICAL] CWE-78 OS Command Injection in awesome spawn
OS Command Injection in awesome spawn
Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
Red Hat
awesome_spawn: OS command injection vulnerability
vendor_redhat·2014-03-27·CVSS 9.8
CVE-2014-0156 [CRITICAL] CWE-78 awesome_spawn: OS command injection vulnerability
awesome_spawn: OS command injection vulnerability
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
Package: cfme-gemset (CloudForms Management Engine 5) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-30
Published