
Related vulnerabilities

GSD-2014-5002

Vulnerability from gsd - Updated: 2014-06-30 00:00
Details
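The lynx gem for Ruby contains a flaw in command/basic.rb: the application places the configured password on command lines, so it appears in plaintext in the process table. This may allow a local attacker who can list processes to gain access to password information. The record below lists 1.0.0 as the patched version (rubysec `patched_versions`, NVD `versionEndExcluding`). The sources aggregated in this record do not fully agree: the gitlab.com entry describes a command injection in /lib/lynx/pipe/get.rb under the same CVE identifier and reports all versions affected with no fixed version, and the CVSS v3 vector rates integrity and availability impact as HIGH while the CVSS v2 vector and the descriptions indicate a local information disclosure. Check the linked references before relying on a single field for triage.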
Aliases

{
  "GSD": {
    "alias": "CVE-2014-5002",
    "description": "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.",
    "id": "GSD-2014-5002"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "lynx",
            "purl": "pkg:gem/lynx"
          }
        }
      ],
      "aliases": [
        "CVE-2014-5002",
        "OSVDB-108580"
      ],
      "details": "lynx Gem for Ruby contains a flaw in command/basic.rb that is due to the application exposing password information in plaintext in the process table. This may allow a local attacker to gain access to password information.",
      "id": "GSD-2014-5002",
      "modified": "2014-06-30T00:00:00.000Z",
      "published": "2014-06-30T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5002"
        }
      ],
      "schema_version": "1.4.0",
      "summary": "lynx Gem for Ruby command/basic.rb Process Table Local Plaintext Password Disclosure"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-5002",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2014/07/07/23"
          },
          {
            "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
          },
          {
            "name": "https://github.com/panthomakos/lynx/issues/3",
            "refsource": "MISC",
            "url": "https://github.com/panthomakos/lynx/issues/3"
          },
          {
            "name": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html",
            "refsource": "MISC",
            "url": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2014-5002",
      "date": "2014-06-30",
      "description": "lynx Gem for Ruby contains a flaw in command/basic.rb that is due to the application exposing password information in plaintext in the process table. This may allow a local attacker to gain access to password information.",
      "gem": "lynx",
      "osvdb": 108580,
      "patched_versions": [
        "\u003e= 1.0.0"
      ],
      "title": "lynx Gem for Ruby command/basic.rb Process Table Local Plaintext Password Disclosure",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5002"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.0.0a",
          "affected_versions": "All versions",
          "credit": "Larry W. Cashdollar, @_larry0",
          "cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-255",
            "CWE-937"
          ],
          "date": "2019-05-06",
          "description": "The file /lib/lynx/pipe/get.rb does not properly sanitize user input before sending to command line. It may allow a remote attacker to execute arbitrary commands.",
          "fixed_versions": [],
          "identifier": "CVE-2014-5002",
          "identifiers": [
            "CVE-2014-5002"
          ],
          "package_slug": "gem/lynx",
          "pubdate": "2018-01-10",
          "solution": "There is no solution for this vulnerability at the moment.",
          "title": "Command injection vulnerability",
          "urls": [
            "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
          ],
          "uuid": "1b4779a8-399c-4d7c-ba00-0d5739c53faa"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lynx_project:lynx:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5002"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
            },
            {
              "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
            },
            {
              "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/07/23"
            },
            {
              "name": "https://github.com/panthomakos/lynx/issues/3",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/panthomakos/lynx/issues/3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-06T14:24Z",
      "publishedDate": "2018-01-10T18:29Z"
    }
  }
}