| purl | pkg:gem/gollum@3.1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-mjjs-t5cq-ebeq (Aliases: CVE-2015-7314, GHSA-m2q3-53fq-7h66, OSV-127779) | Information disclosure vulnerability: A vulnerability allows attackers to gain read access to arbitrary files on the system. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7tha-sfe1-nfdy | Remote Code Execution: In vulnerable versions of the gem, searching for the string `-O<arbitrary command>` or `--open-files-in-pager <arbitrary command>` in the wiki's search field will execute an arbitrary shell command. However, this will only work if the string "master" (or more precisely, the name of the git branch that gollum is using) is found in one of the wiki's files: "master" is then interpreted as the search query, `-O<arbitrary code>` as a command line option to `git grep`. | CVE-2014-9489, GHSA-q97v-764g-r2rp |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T21:05:08.643415+00:00 | GHSA Importer | Fixing | VCID-7tha-sfe1-nfdy | https://github.com/advisories/GHSA-q97v-764g-r2rp | 38.6.0 |
| 2026-06-04T20:05:06.269042+00:00 | GitLab Importer | Affected by | VCID-mjjs-t5cq-ebeq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/gollum/CVE-2015-7314.yml | 38.6.0 |
| 2026-06-04T18:09:49.610572+00:00 | Ruby Importer | Affected by | VCID-mjjs-t5cq-ebeq | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2015-7314.yml | 38.6.0 |
| 2026-06-04T17:05:36.887369+00:00 | GithubOSV Importer | Fixing | VCID-7tha-sfe1-nfdy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-q97v-764g-r2rp/GHSA-q97v-764g-r2rp.json | 38.6.0 |
| 2026-06-02T04:37:20.944418+00:00 | GitLab Importer | Fixing | VCID-7tha-sfe1-nfdy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/gollum/CVE-2014-9489.yml | 38.6.0 |