Look up vulnerable packages by Package URL.

Purl pkg:gem/gollum-lib@1.0.5
Type gem
Namespace
Name gollum-lib
Version 1.0.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.0.1
Latest_non_vulnerable_version 4.0.1
Affected_by_vulnerabilities
0
url VCID-68rr-m512-m7b1
vulnerability_id VCID-68rr-m512-m7b1
summary
Remote Code Execution
In vulnerable versions of the gem, searching for the string `-O<arbitrary command>` or `--open-files-in-pager <arbitrary command>` in the wiki's search field will execute an arbitrary shell command. However, this will only work if the string "master" (or more precisely, the name of the git branch that gollum is using) is found in one of the wiki's files: "master" is then interpreted as the search query, and `-O<arbitrary command>` as a command line option to `git grep`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9489
reference_id
reference_type
scores
0
value 0.01195
scoring_system epss
scoring_elements 0.79179
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9489
1
reference_url https://github.com/gollum/gollum
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum
2
reference_url https://github.com/gollum/gollum/issues/913
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum/issues/913
3
reference_url https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7
4
reference_url https://web.archive.org/web/20200229041306/http://www.securityfocus.com/bid/71499
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229041306/http://www.securityfocus.com/bid/71499
5
reference_url http://www.openwall.com/lists/oss-security/2015/01/03/19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/01/03/19
6
reference_url http://www.securityfocus.com/bid/71499
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/71499
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9489
reference_id CVE-2014-9489
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9489
8
reference_url https://github.com/advisories/GHSA-q97v-764g-r2rp
reference_id GHSA-q97v-764g-r2rp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q97v-764g-r2rp
fixed_packages
0
url pkg:gem/gollum-lib@4.0.1
purl pkg:gem/gollum-lib@4.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gollum-lib@4.0.1
aliases CVE-2014-9489, GHSA-q97v-764g-r2rp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68rr-m512-m7b1
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gollum-lib@1.0.5