CVE-2013-4489: GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed

CVSS Score: 6.5

Basic Information

EPSS Score: 0.42732%
Published: 5/17/2022
Updated: 7/3/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| gitlab-grit | rubygems | < 2.6.1 | 2.6.1 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from how the `Grit::Repo#grep` method in `lib/grit/repo.rb` called `git.native(:grep)` without the `{pipeline: false}` option prior to the patch. The commit diff shows that the patched version explicitly adds `pipeline: false` to this call.

In vulnerable versions, when user input containing pipe characters (`|`) was passed to the code search (which uses this `grep` method), the native command execution interpreted the pipe as a shell operator because `pipeline: false` was missing. The pipeline handling of `git.native` in `lib/grit/git.rb` only executed shell pipelines when the pipeline option was enabled, but the `grep` method's lack of `pipeline: false` in vulnerable versions left this pathway open for exploitation via malicious input.
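The same failure class in isolation, as an added example that is not Grit's code and not taken from the patch: a search term interpolated into a shell string has its `|` executed, while the same term passed as a separate argv element stays data. The helper names, the use of plain `grep` instead of `git grep`, and the sample file and search term are assumptions constructed for the demonstration.

```ruby
require "open3"
require "tmpdir"

# Hypothetical helpers for illustration; they are not Grit's API.

# Unsafe: one interpolated string. Ruby hands a command string containing
# shell metacharacters to /bin/sh, so "|" in `term` starts a second command.
def search_via_shell(term, file)
  out, _status = Open3.capture2e("grep -n -F -e #{term} #{file}")
  out
end

# Safe: separate argv elements, so no shell is involved and `term` reaches
# grep as a single argument. "-e" and "--" also stop a leading "-" in the
# input from being read as an option.
def search_via_argv(term, file)
  out, _status = Open3.capture2e("grep", "-n", "-F", "-e", term, "--", file)
  out
end

# Runs both helpers over a constructed file with a constructed search term.
def run_demo
  Dir.mktmpdir do |dir|
    file = File.join(dir, "sample.txt")
    File.write(file, "needle here\nliteral: needle | echo PIPE-RAN\n")
    term = "needle | echo PIPE-RAN" # constructed input with a harmless marker
    [search_via_shell(term, file), search_via_argv(term, file)]
  end
end

if $PROGRAM_NAME == __FILE__
  shell_out, argv_out = run_demo
  puts "shell string: #{shell_out.inspect}" # echo ran: the pipe was executed
  puts "argv array:   #{argv_out.inspect}"  # line 2 matched: the pipe was data
end
```

A check of this shape works as a regression test for any code path that forwards search input to an external command.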
