cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 up to and including 2.1.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
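
A defensive sketch of the fix class for this bug, added here and not taken from OpenShift's cartridge_repository.rb: validate the manifest's Source-Url against an allowlist instead of trusting its file extension, and spawn the downloader with an argv array so no shell ever parses the value. The function names, the allowlists, the sample values and the use of curl as the downloader are assumptions.

```ruby
require 'uri'
require 'open3'
require 'rbconfig'

# The four extensions from the advisory. A matching suffix proves nothing
# about the characters in front of it.
ARCHIVE_EXT = /\.(?:tar\.gz|tgz|tar|zip)\z/i
# Allowlists (assumption: archive URLs need no query string or userinfo).
SAFE_HOST = /\A[A-Za-z0-9.-]+\z/
SAFE_PATH = %r{\A/[A-Za-z0-9._~/-]+\z}
PRINTABLE = /\A[\x21-\x7e]+\z/ # no spaces, control bytes or non-ASCII

# Returns a parsed URI for an acceptable manifest value, otherwise nil.
def checked_source_url(raw)
  return nil unless raw.is_a?(String) && raw.valid_encoding? && raw.match?(PRINTABLE)
  uri = URI.parse(raw)
  # URI accepts sub-delimiters such as $ ( ) ; in host and path, so check both.
  return nil unless uri.is_a?(URI::HTTP) && uri.host.to_s.match?(SAFE_HOST)
  return nil if uri.userinfo || uri.query || uri.fragment
  return nil unless uri.path.match?(SAFE_PATH) && uri.path.match?(ARCHIVE_EXT)
  uri
rescue URI::InvalidURIError
  nil
end

# argv for the download: one array element per argument, no shell involved.
def download_argv(uri, dest)
  ['curl', '--fail', '--silent', '--show-error', '--output', dest, uri.to_s]
end

# Stand-in for the downloader: a child Ruby process prints its first argument,
# showing that argv-form spawning delivers metacharacters as literal text.
def argv_roundtrip(value)
  out, status = Open3.capture2(RbConfig.ruby, '-e', 'print ARGV[0]', value)
  status.success? ? out : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample manifest values.
  ['https://example.invalid/carts/mock-0.1.tar.gz',
   'https://example.invalid/c.zip;true;.zip',
   'https://h$(true)/a.tar'].each do |v|
    puts format('%-45s %s', v, checked_source_url(v) ? 'accept' : 'reject')
  end
end
```

Either control alone leaves a gap: validation without argv-form spawning depends on the allowlist being complete, and argv-form spawning without validation still hands the downloader an arbitrary URL.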

| Vulnerable Product |
|---|
| redhat openshift origin 2.1 |
| redhat openshift 2.0.6 |
| redhat openshift 2.1 |
| redhat openshift origin 2.1.1 |
| redhat openshift 2.0.5 |
| redhat openshift 2.0.2 |
| redhat openshift origin 1.2.8 |
| redhat openshift 2.1.1 |
| redhat openshift 2.0.1 |
| redhat openshift 2.0.3 |
| redhat openshift 2.0.4 |
| redhat openshift 1.2.8 |
| redhat openshift 2.0 |