CVE-2013-4489

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
gitlabgitlab
5.2.0
gitlabgitlab
5.3.0
gitlabgitlab
5.4.0
gitlabgitlab
6.0.0
gitlabgitlab
6.1.0
gitlabgitlab
6.2.0
gitlabgitlab
6.2.1
gitlabgitlab
6.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
16.8.4-1
fixed
References
https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/
https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/